Re: connlimit modul doesn't works as expected

2018-03-11 Thread Toralf Förster
On 03/10/2018 10:16 PM, Florian Westphal wrote:
> Toralf Förster <toralf.foers...@gmx.de> wrote:
>> At my server (stable hardened Gentoo with vanilla 4.15.7) I do have this
>> rule:
>>
>> /sbin/iptables -A OUTPUT -p tcp --destination-port 443 --syn --match

Re: connlimit modul doesn't works as expected

2018-03-11 Thread Toralf Förster
On 03/10/2018 10:16 PM, Florian Westphal wrote:
> You could check via conntrack -L.
# conntrack -L | wc -l
conntrack v1.4.2 (conntrack-tools): 39698 flow entries have been shown.
39698
Many lines ...
--
Toralf
PGP C4EACDDE 0076E94E

connlimit modul doesn't works as expected

2018-03-10 Thread Toralf Förster
At my server (stable hardened Gentoo with vanilla 4.15.7) I do have this rule:
/sbin/iptables -A OUTPUT -p tcp --destination-port 443 --syn --match connlimit --connlimit-above 3000 --connlimit-mask 0 --connlimit-daddr --match limit --limit 1/second --limit-burst 1 -j LOG --log-prefix "443