On 2/9/2014 2:22 PM, Andrew wrote: > Dear Tom, > Sorry to bother You, I am new to this list and I have the feeling that > my very first message sent to [email protected] in > both plain & html format bounces back unread. I get: > - Results: > Ignoring non-text/plain MIME parts > - Unprocessed: > - - - - - - - - - - > > If the message has been received and repeated, please ignore this > repetition. > Andrew > > > > > Hi! > > I have been using Shorewall for several years and it has been working > without a glitch. > > Last week I tried to introduce RateLimit, Shorewall starts and everything > seems working fine, but when I test with ping, the RateLimit seems not > limiting anything. I have this in rules: > > ACCEPT net $FW icmp - - - s:icmp:5/min:5 > > and I ping intensely the WAN interface from several other machines - ping > response goes on and on. I expected it to stop after 5 consequent > pings.Changed RateLimit field to s:icmp:1/min:1 with no result. > > Same effect is observed on Fedora17 32 bit with Shorewall 4.5.7, then > updated to 4.5.15 and on Fedora19 64 bit box with Shorewall 4.5.15, all > installed from Fedora RPMs. > > I have read in the mailing list an old post explaining that browser does > not > break http connection and quickly pressing F5 does not actually create new > connections and therefore RateLimit is not applied. Does the same refer to > ping command and icmp protocole? How to test if RateLimit is operational? > > Attached is a compressed dump from F17 box. Thanks in advance! > > One more question: On F19 box some capabilities are not available: ACCOUNT > Target, IMQ Target, IPMARK Target, IPP2P Match. First is said to be > needed. Any idea which rpm contains these capabilities?
If you want to limit total echo-requests, you need to put your rule in the ALL section of the rules file rather than in the NEW section. -Tom PS -- I have no idea how F19 is packaged. But I assume that there is an xtables-addons package of some sort. -- Tom Eastep \ When I die, I want to go like my Grandfather who Shoreline, \ died peacefully in his sleep. Not screaming like Washington, USA \ all of the passengers in his car http://shorewall.net \________________________________________________
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Managing the Performance of Cloud-Based Applications Take advantage of what the Cloud has to offer - Avoid Common Pitfalls. Read the Whitepaper. http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
