iptables rule which should match and do rate limiting seems not to match
Issue
The customer has stopped firewalld and started iptables. The following rules are set in /etc/sysconfig/iptables, and iptables has been restarted after setting them.
-A OUTPUT -s 192.0.2.0/24 -o sha1 -m hashlimit --hashlimit-above 385mb/s --hashlimit-mode dstip --hashlimit-name DOWN_UNYOU -j LOG_5B <--*1
[..]
-A LOG_5B -m hashlimit --hashlimit-above 1/min --hashlimit-burst 1 --hashlimit-mode srcip,dstip --hashlimit-name LOGDROP -j DROP
-A LOG_5B -j LOG --log-prefix "iptables-flowctl-4A:" --log-level 7 --log-ip-options
-A LOG_5B -j DROP
COMMIT
In this situation, a 5GB file was uploaded from 192.0.2.2 to 192.0.2.3 with the ftp command. Since the source address 192.0.2.2 is within 192.0.2.0/24, the traffic should match the first rule above (*1). Yet the upload ran at 421MB/s.
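One way to check whether the rule marked (*1) is firing at all, as an added example that is not part of the article or of Red Hat's own tooling: take two snapshots of `iptables -L OUTPUT -v -n -x` a known number of seconds apart and compare the byte counters. A rule whose counter does not move while the chain's policy counter climbs was evaluated for those packets and did not match. The sample output, the 12-second interval and the 1024*1024-byte MB unit are assumptions.

```python
"""Diff two `iptables -L OUTPUT -v -n -x` snapshots and report, per rule,
how many bytes it matched and at what rate. Packets counted by the chain
policy traversed every rule in the chain, so a zero delta on the hashlimit
rule while the policy counter rises means the match never fired."""
import re

# Constructed sample snapshots (not taken from the customer's system).
# With -x the pkts/bytes columns are exact numbers rather than "5350M".
SNAP_BEFORE = """\
Chain OUTPUT (policy ACCEPT 1000 packets, 64000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 LOG_5B     all  --  *      sha1    192.0.2.0/24         0.0.0.0/0            limit: above 385mb/s mode dstip
"""
SNAP_AFTER = """\
Chain OUTPUT (policy ACCEPT 3651000 packets, 5368773120 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 LOG_5B     all  --  *      sha1    192.0.2.0/24         0.0.0.0/0            limit: above 385mb/s mode dstip
"""

POLICY_RE = re.compile(r"^Chain (\S+) \(policy \S+ (\d+) packets, (\d+) bytes\)")
RULE_RE = re.compile(r"^\s*(\d+)\s+(\d+)\s+(\S+)\s")  # pkts, bytes, target

def parse_counters(text):
    """Return {'<policy>': bytes, '<target>': bytes, ...} for one snapshot."""
    counters = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            counters["<policy>"] = int(m.group(3))
            continue
        m = RULE_RE.match(line)
        if m:
            # Keyed by target; the first rule per target wins in this sample.
            counters.setdefault(m.group(3), int(m.group(2)))
    return counters

MB = 1024 * 1024  # assumed: hashlimit's "mb" byte unit is 1024*1024 bytes

def rates(before, after, seconds):
    """Bytes matched per counter between the snapshots, in MB/s."""
    c0, c1 = parse_counters(before), parse_counters(after)
    return {k: (c1[k] - c0.get(k, 0)) / MB / seconds for k in c1}

def hashlimit_never_matched(before, after, target="LOG_5B"):
    """True when the chain saw traffic but the rule jumping to target did not fire."""
    r = rates(before, after, 1)
    return r.get(target, 0) == 0 and r.get("<policy>", 0) > 0

if __name__ == "__main__":
    print(rates(SNAP_BEFORE, SNAP_AFTER, 12))
    print("rule (*1) never matched:", hashlimit_never_matched(SNAP_BEFORE, SNAP_AFTER))
```

If the rule counter is zero and the policy counter rises as well, check /proc/net/ipt_hashlimit/DOWN_UNYOU for an entry keyed on the destination address to confirm the match was evaluated for that flow.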
Environment
- Red Hat Enterprise Linux (RHEL), various versions
- iptables