Re: iptables: hashlimit (is a BUG?) [message #37475 is a reply to message #9918] |
Tue, 15 September 2009 10:38 |
lazy
Kernel is rhel5 64.7 (64-bit), running Debian 5.0 (64-bit).
IPv6 is not compiled in; the kernel config is attached.
iptables is 1.4.2, from Debian.
Any pointers on what to do? The failing command and its strace output follow:
strace iptables -I FORWARD -p tcp -s x.x.x.0/23 -m hashlimit --hashlimit-above 2000/second --hashlimit-mode srcip --hashlimit-srcmask 23 -j DROP
...
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
open("/proc/sys/kernel/modprobe", O_RDONLY) = 4
read(4, "/sbin/modprobe\n"..., 1024) = 15
close(4) = 0
clone(child_stack=0, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x2ace19cebe40) = 30911
wait4(-1, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 30911
--- SIGCHLD (Child exited) @ 0 (0) ---
getsockopt(3, SOL_IP, 0x42 /* IP_??? */, " hashlimit\0\357\31\316*\0\0`\315\17\32\316*\0\0\22\20\20\31\ 316\0 "..., [30]) = 0
close(3) = 0
socket(PF_INET, SOCK_RAW, IPPROTO_RAW) = 3
getsockopt(3, SOL_IP, 0x42 /* IP_??? */, 0x7fff11027ee0, 0x7fff11027f0c) = -1 EPROTONOSUPPORT (Protocol not supported)
close(3) = 0
open("/lib/xtables/libxt_tcp.so", O_RDONLY) = 3
read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\f\0\0\0\0\0\0@ "..., 832) = 832
fstat(3, {st_mode=S_IFREG|0644, st_size=11408, ...}) = 0
mmap(NULL, 2106704, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x2ace1a0fd000
mprotect(0x2ace1a0ff000, 2097152, PROT_NONE) = 0
mmap(0x2ace1a2ff000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x2ace1a2ff000
close(3) = 0
write(2, "iptables v1.4.2: "..., 17iptables v1.4.2: ) = 17
write(2, "Unknown arg `(null)'"..., 20Unknown arg `(null)') = 20
write(2, "\n"..., 1
) = 1
write(2, "Try `iptables -h' or 'iptables --"..., 61Try `iptables -h' or 'iptables --help' for more information.
) = 61
exit_group(2)
-
Attachment: cfg
(Size: 19.54KB, Downloaded 682 times)