iptables rule that should match and rate-limit does not seem to match

Solution Unverified - Updated -


The customer has stopped firewalld and started iptables. The following rules are set in /etc/sysconfig/iptables, and the iptables service was restarted after they were added.

 -A OUTPUT -s -o sha1 -m hashlimit --hashlimit-above 385mb/s --hashlimit-mode dstip --hashlimit-name DOWN_UNYOU -j LOG_5B  <--*1
 -A LOG_5B -m hashlimit --hashlimit-above 1/min --hashlimit-burst 1 --hashlimit-mode srcip,dstip --hashlimit-name LOGDROP -j DROP
 -A LOG_5B -j LOG --log-prefix "iptables-flowctl-4A:" --log-level 7 --log-ip-options
 -A LOG_5B -j DROP

In this situation, a 5GB file was uploaded from to with the ftp command. Since the source address is , the traffic should match the first rule above (*1). Yet the upload ran at 421MB/s, so the rate limit was not applied.
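Before questioning the hashlimit arithmetic it is worth confirming that the rule saw the flow at all. The script below is an added example for this page, not code from the Red Hat article or from iptables: it converts the configured hashlimit byte rate to bytes per second (libxt_hashlimit uses binary prefixes, kb = 1024, mb = 1024^2, gb = 1024^3, so a client-reported decimal 421 MB/s is compared against 403,701,760 B/s), reads the packet and byte counters of the OUTPUT rule that jumps to LOG_5B, and looks for a per-destination entry in /proc/net/ipt_hashlimit/DOWN_UNYOU. The iptables output, the proc-file line, the addresses 192.0.2.10, 203.0.113.20 and 198.51.100.7, and the interface eth0 are all constructed for the example; on the real host the two checks would be fed by `iptables -L OUTPUT -v -n -x` and `cat /proc/net/ipt_hashlimit/DOWN_UNYOU` while the transfer is running.

```shell
#!/bin/sh
# Added diagnostic helper, not part of the Red Hat article or of iptables.
# All sample output below is constructed; addresses and interface names are
# assumptions chosen for the example.

# Convert a hashlimit byte rate such as "385mb/s" to bytes per second.
# libxt_hashlimit parses kb, mb and gb as binary prefixes (1024, 1024^2, 1024^3).
hashlimit_rate_bytes() {
    rate=${1%/s}
    case $rate in
        *gb) echo $(( ${rate%gb} * 1073741824 )) ;;
        *mb) echo $(( ${rate%mb} * 1048576 )) ;;
        *kb) echo $(( ${rate%kb} * 1024 )) ;;
        *b)  echo $(( ${rate%b} )) ;;
        *)   echo "unrecognised hashlimit rate: $1" >&2; return 1 ;;
    esac
}

# Print "<pkts> <bytes>" for the first rule in `iptables -L <chain> -v -n -x`
# output (read from stdin) whose target column equals $1.
rule_counters() {
    awk -v t="$1" '$3 == t { print $1, $2; exit }'
}

# Succeed if the /proc/net/ipt_hashlimit/<name> content on stdin holds an entry
# whose destination IP is $1. Entry lines look like
#   <expires> <src>:<port>-><dst>:<port> <credit> <credit_cap> <cost>
# and with --hashlimit-mode dstip the source is printed as 0.0.0.0:0.
# An entry is created the first time a packet reaches the hashlimit match, so
# no entry for the destination while the transfer is running means the packets
# never got to the rule (wrong chain, -s or -o not matching), not that the
# configured rate was too high. Entries do expire, so check during the transfer.
hashlimit_entry_for_dst() {
    awk -v d="$1" '{ split($2, ends, "->"); split(ends[2], dst, ":");
                     if (dst[1] == d) found = 1 } END { exit !found }'
}

# Constructed sample output, shaped like what the two commands print on a host.
SAMPLE_IPTABLES='Chain OUTPUT (policy ACCEPT 1234 packets, 98765 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 LOG_5B     all  --  *      eth0    192.0.2.10           0.0.0.0/0            limit: above 385mb/s mode: dstip'

# One constructed entry for a different destination than the one uploaded to.
SAMPLE_HASHLIMIT='14 0.0.0.0:0->198.51.100.7:0 403701760 403701760 1460'

diagnose() {
    limit=$(hashlimit_rate_bytes 385mb/s)
    observed=$(( 421 * 1000000 ))   # assumes the ftp client reports decimal MB/s
    echo "configured limit: $limit B/s, observed transfer: $observed B/s"

    set -- $(printf '%s\n' "$SAMPLE_IPTABLES" | rule_counters LOG_5B)
    echo "OUTPUT rule -> LOG_5B counters: pkts=$1 bytes=$2"

    if printf '%s\n' "$SAMPLE_HASHLIMIT" | hashlimit_entry_for_dst 203.0.113.20; then
        echo "hashlimit entry for 203.0.113.20 present: the rule is evaluating this flow"
    else
        echo "no hashlimit entry for 203.0.113.20: the packets never reached the rule"
    fi
}

diagnose
```

With the constructed samples the rule counters stay at zero and no entry exists for the upload destination, which points at rule placement (OUTPUT only sees locally generated packets; forwarded traffic goes through FORWARD) or at the -s/-o qualifiers rather than at the 385mb/s figure. If the counters do increase and an entry exists, the byte-rate conversion is the next thing to compare against what the client reports.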


  • Red Hat Enterprise Linux (RHEL), various versions
  • iptables
