iptable rule which should match and do rate limiting, seems to not match

Solution Unverified - Updated -

Issue

The customer has stopped firewalld and started iptables. The following rules are set in /etc/sysconfig/iptables; after setting them, iptables was restarted.

 -A OUTPUT -s 192.0.2.0/24 -o sha1 -m hashlimit --hashlimit-above 385mb/s --hashlimit-mode dstip --hashlimit-name DOWN_UNYOU -j LOG_5B  <--*1
[..]
 -A LOG_5B -m hashlimit --hashlimit-above 1/min --hashlimit-burst 1 --hashlimit-mode srcip,dstip --hashlimit-name LOGDROP -j DROP
 -A LOG_5B -j LOG --log-prefix "iptables-flowctl-4A:" --log-level 7 --log-ip-options
 -A LOG_5B -j DROP
 COMMIT

In this situation, a 5GB file was uploaded from 192.0.2.2 to 192.0.2.3 with the ftp command. Since the source address is 192.0.2.2, the traffic should match the first rule above (*1). Yet the upload ran at 421MB/s, above the 385mb/s threshold, so the rule did not take effect.
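The following is an added example, not code from the Red Hat article. It parses the rules quoted above, converts the hashlimit byte rate to bytes per second, checks on paper whether traffic from 192.0.2.2 leaving via sha1 at the observed 421MB/s lies inside the first rule's -s/-o selectors and above its --hashlimit-above threshold, and shows how to spot a rule that never matched from the packet counters in iptables -vnL output (the listing below is constructed). Assumptions: the 1024-based multipliers for b/s, kb/s, mb/s and gb/s and the abbreviated period names (such as /min) follow the iptables-extensions manual, and MB in the observed rate is taken as 1024*1024 bytes; 421 exceeds 385 under either reading, so the conclusion does not depend on it.

```python
import ipaddress
import re
import shlex

# Rules quoted from the article's Issue section (iptables-save format).
RULES_TEXT = """\
-A OUTPUT -s 192.0.2.0/24 -o sha1 -m hashlimit --hashlimit-above 385mb/s --hashlimit-mode dstip --hashlimit-name DOWN_UNYOU -j LOG_5B
-A LOG_5B -m hashlimit --hashlimit-above 1/min --hashlimit-burst 1 --hashlimit-mode srcip,dstip --hashlimit-name LOGDROP -j DROP
-A LOG_5B -j LOG --log-prefix "iptables-flowctl-4A:" --log-level 7 --log-ip-options
-A LOG_5B -j DROP
"""

# --hashlimit-above/--hashlimit-upto take either a byte rate (1024-based units)
# or a packet rate per period; the period name may be abbreviated (e.g. /min).
BYTE_UNITS = {"b/s": 1, "kb/s": 1024, "mb/s": 1024 ** 2, "gb/s": 1024 ** 3}
PERIODS = {"second": 1, "minute": 60, "hour": 3600, "day": 86400}


def parse_rule(line):
    """Turn one iptables-save rule line into a dict of option -> value."""
    toks = shlex.split(line)  # honours the quoted --log-prefix value
    rule = {"matches": []}
    i = 0
    while i < len(toks):
        t = toks[i]
        if t == "-A":
            rule["chain"] = toks[i + 1]; i += 2
        elif t == "-s":
            rule["src"] = ipaddress.ip_network(toks[i + 1]); i += 2
        elif t == "-o":
            rule["out"] = toks[i + 1]; i += 2
        elif t == "-m":
            rule["matches"].append(toks[i + 1]); i += 2
        elif t == "-j":
            rule["target"] = toks[i + 1]; i += 2
        elif t.startswith("--"):
            # Flag-style options such as --log-ip-options carry no value.
            if i + 1 < len(toks) and not toks[i + 1].startswith("-"):
                rule[t[2:]] = toks[i + 1]; i += 2
            else:
                rule[t[2:]] = True; i += 1
        else:
            i += 1
    return rule


def rate_to_bytes_per_sec(spec):
    """Convert a byte-rate spec such as 385mb/s to bytes/second; None for packet rates."""
    m = re.fullmatch(r"(\d+)(b/s|kb/s|mb/s|gb/s)", spec)
    return int(m.group(1)) * BYTE_UNITS[m.group(2)] if m else None


def rate_to_packets_per_sec(spec):
    """Convert a packet-rate spec such as 1/min to packets/second; None for byte rates."""
    m = re.fullmatch(r"(\d+)/(\w+)", spec)
    if not m:
        return None
    period = next(p for p in PERIODS if p.startswith(m.group(2).lower()))
    return int(m.group(1)) / PERIODS[period]


def should_match_on_paper(rule, src_ip, out_iface, observed_bytes_per_sec):
    """True when traffic with these properties is inside the rule's -s/-o selectors
    and sustained above its byte threshold, i.e. the rule is expected to fire and
    its packet counter in iptables -vnL should be non-zero."""
    if "src" in rule and ipaddress.ip_address(src_ip) not in rule["src"]:
        return False
    if "out" in rule and rule["out"] != out_iface:
        return False
    threshold = rate_to_bytes_per_sec(rule.get("hashlimit-above", ""))
    if threshold is None:
        return True  # no byte threshold: the selectors alone decide
    return observed_bytes_per_sec > threshold


# Constructed `iptables -vnL OUTPUT` output showing what a never-hit rule looks like.
SAMPLE_LISTING = """\
Chain OUTPUT (policy ACCEPT 913 packets, 1236487 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG_5B     all  --  *      sha1    192.0.2.0/24         0.0.0.0/0            limit: above 385mb/s mode: dstip
"""


def zero_hit_rules(listing):
    """Return the targets of rules whose packet counter is zero: the rule never matched."""
    never_hit = []
    for line in listing.splitlines():
        cols = line.split()
        if len(cols) >= 3 and cols[0].isdigit() and cols[1].isdigit() and int(cols[0]) == 0:
            never_hit.append(cols[2])
    return never_hit


if __name__ == "__main__":
    rules = [parse_rule(l) for l in RULES_TEXT.splitlines() if l.strip()]
    first = rules[0]
    observed = 421 * 1024 ** 2  # 421MB/s from the article, MB assumed to be 1024*1024 bytes
    print("threshold (bytes/s):", rate_to_bytes_per_sec(first["hashlimit-above"]))
    print("rule (*1) should match:", should_match_on_paper(first, "192.0.2.2", "sha1", observed))
    print("LOG_5B limiter (packets/s):", rate_to_packets_per_sec(rules[1]["hashlimit-above"]))
    print("rules never hit:", zero_hit_rules(SAMPLE_LISTING))
```

Run against the live system, the counter check separates two very different failure modes: a zero packet counter on rule (*1) means its selectors never matched the FTP data packets (so the hashlimit threshold was never even evaluated), whereas a non-zero counter with an unthrottled transfer points at the hashlimit settings themselves. Zeroing the counters with iptables -Z before repeating the upload makes the reading unambiguous.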

Environment

  • Red Hat Enterprise Linux (RHEL), various versions
  • iptables
