Modify

Opened 5 years ago

Last modified 4 years ago

#11976 new defect

firewall limit and limit_burst options have no effect in redirect sections

Reported by: tero.janka@… Owned by: developers
Priority: normal Milestone: Barrier Breaker 14.07
Component: base system Version: Trunk
Keywords: firewall redirect limit limit_burst Cc:

Description

Steps to reproduce:

uci add firewall redirect
uci set firewall.@redirect[-1].target=DNAT
uci set firewall.@redirect[-1].src=wan
uci set firewall.@redirect[-1].dest=lan
uci set firewall.@redirect[-1].proto=tcp
uci set firewall.@redirect[-1].src_dport=80
uci set firewall.@redirect[-1].dest_ip=192.168.0.1
uci set firewall.@redirect[-1].dest_port=80
uci set firewall.@redirect[-1].limit=2/minute
uci set firewall.@redirect[-1].limit_burst=2
uci set firewall.@redirect[-1].name=www
uci commit firewall

/etc/init.d/firewall restart

iptables -t nat -L zone_wan_prerouting -n

This results in:

Chain zone_wan_prerouting (2 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 to:192.168.0.1:80

Instead of the expected:

Chain zone_wan_prerouting (2 references)
target     prot opt source               destination
DNAT       tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80 limit: avg 2/min burst 2 to:192.168.0.1:80

Attachments (0)

Change History (3)

comment:1 Changed 5 years ago by anonymous

Same problem, there is a way to add limit option?
Many thanks

comment:2 Changed 5 years ago by Crazy

Try to use 'rule' instead of 'redirect'

comment:3 Changed 4 years ago by jow

  • Milestone changed from Attitude Adjustment 12.09 to Barrier Breaker 14.07

Milestone Attitude Adjustment 12.09 deleted

Add Comment

Modify Ticket

Action
as new .
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.