Hi, A customer of mine has been hitting hashlimits issues in netfilter by switching from Debian 8 (3.16.y) to Debian 9 (4.9.y), making iptables hashlimits unusable for production.
This issue has been fixed in mainline with this commit: | commit ad5b55761956427f61ed9c96961bf9c5cd4f92dc | Author: Alban Browaeys <alban.browa...@gmail.com> | Date: Mon Feb 6 23:50:33 2017 +0100 | | netfilter: xt_hashlimit: Fix integer divide round to zero. Backporting this commit to Debian 9's 4.9.y kernel series has been confirmed to fix the bug there. It might be worth considering it for other stable kernels though. Downstream bug reports: https://bugs.debian.org/872907 https://bugs.debian.org/884983 Thanks for considering. Cheers, -- Cyril Brulebois -- Debian Consultant @ DEBAMAX -- https://debamax.com/
signature.asc
Description: PGP signature
