In Webmin > Networking > Linux Firewall I am attempting to set up a rule to drop packets if packet flow rate exceeds a defined threshold.
I've created a new chain referred to by another condition.
I've added a new rule, on screen Edit Rule I have set up the rule for staging
... a name
... an initial "Action to take" of "Do nothing"
... "Reject with ICMP type" left at Default
The rule goes into the new chain ok, I can apply changes and it is recorded and saved
Then I edit the rule in the "Condition Details" section and change
Packet Flow Rate to "Above" "5" / "minute"
(all other conditions are left at "ignore") then save the change, it saves
Then on the main Linux Firewall page, I click the "Apply Configuration" button and I get the following error:
Failed to apply configuration :
Flushing firewall rules: [ OK ]
Setting chains to policy ACCEPT: nat mangle filter [ OK ]
Unloading iptables modules: [ OK ]
Applying iptables firewall rules: iptables-restore v1.3.5: limit does not support invert
Error occurred at line: 56
Try `iptables-restore -h' or 'iptables-restore --help' for more information.
[FAILED]
Comments
Submitted by JamieCameron on Sat, 11/14/2009 - 21:41 Comment #1
Sounds like a bug ..
What is on line 56 of your /etc/sysconfig/iptables file though? That will show me exactly what options the rule you added has ..
Submitted by sfbob on Sun, 11/15/2009 - 17:41 Comment #2
line 56 reads:
-A Bob-FTP-Deny -m limit ! --limit 5/minute
Submitted by JamieCameron on Sun, 11/15/2009 - 18:49 Comment #3
Ok, I see now .. the negative option isn't actually allowed by iptables, but Webmin lets you set it. I will prevent this in the next Webmin release.
Submitted by Issues on Mon, 11/30/2009 - 05:19 Comment #4
Automatically closed -- issue fixed for 2 weeks with no activity.
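
Added example, not part of the original thread and not Webmin's code: a shell check that finds the rule form quoted in comment #2 before iptables-restore rejects it, plus a rewrite into a two-rule form that iptables accepts (packets within the rate RETURN, the rest reach the target). The function names, the sample file and the DROP target are assumptions, and the rewrite assumes the rule is the last one in a dedicated chain, since RETURN skips any later rules in that chain.

```shell
#!/bin/sh
# Added example (not Webmin code). Function names are hypothetical.

# Print "LINE:RULE" for each rule that inverts the limit match, the form
# iptables-restore rejects with "limit does not support invert".
find_inverted_limit() {
    awk '$1 == "-A" {
        for (i = 3; i < NF; i++)
            if ($i == "!" && $(i+1) == "--limit") { print NR ":" $0; next }
    }' "$1"
}

# Rewrite one such rule as two rules iptables accepts: packets within the
# rate RETURN, packets above it fall through to the target.
# $1 = rule text, $2 = target for over-limit packets (assumed default: DROP).
# Assumes the rule is the last one in a dedicated chain.
rewrite_inverted_limit() {
    printf '%s\n' "$1" | awk -v target="$2" '{
        keep = ""; rate = ""; burst = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-m" && $(i+1) == "limit") { i++; continue }
            if ($i == "!" && $(i+1) == "--limit") { rate = $(i+2); i += 2; continue }
            if ($i == "--limit-burst") { burst = " --limit-burst " $(i+1); i++; continue }
            if ($i == "-j") { if (target == "") target = $(i+1); i++; continue }
            keep = keep (keep == "" ? "" : " ") $i
        }
        if (rate == "") exit 1          # no inverted limit in this rule
        if (target == "") target = "DROP"
        print keep " -m limit --limit " rate burst " -j RETURN"
        print keep " -j " target
    }'
}

# Constructed sample file; line 3 is the rule quoted in comment #2.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
*filter
:Bob-FTP-Deny - [0:0]
-A Bob-FTP-Deny -m limit ! --limit 5/minute
-A INPUT -p tcp --dport 21 -j Bob-FTP-Deny
COMMIT
EOF

find_inverted_limit "$sample"
rewrite_inverted_limit "$(sed -n 3p "$sample")" DROP
```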