Bug 993772 - RFE: log limit 10/10m
RFE: log limit 10/10m
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: firewalld (Show other bugs)
7.0
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Thomas Woerner
: FutureFeature
Depends On:
Blocks: 980210
  Show dependency treegraph
 
Reported: 2013-08-06 08:10 EDT by Petr Sklenar
Modified: 2013-08-26 09:07 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-08-26 09:07:08 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Petr Sklenar 2013-08-06 08:10:33 EDT
Description of problem:
man  firewalld.richlanguage
search for:  [limit value="rate/duration"]

It is possible to limit logging: The rate is a natural positive number [1, ..], the duration of of "s", "m", "h", "d". "s" means seconds, "m" minutes, "h" hours and "d" days. The maximum limit value is "1/d" which means at ..


Version-Release number of selected component (if applicable):
firewalld-0.3.4-1.fc19.noarch

How reproducible:
deterministic

Steps to Reproduce:
1. limit value="10/10m"


Actual results:
not supported, you can add only 10/1m

Expected results:
limit values like "10/10m"

Additional info:
Comment 2 Jiri Popelka 2013-08-26 09:07:08 EDT
While I like the idea I can imagine some users won't be happy from the result.

Example1:
- user specifies 1/2h (i.e. once per two hours)
- firewalld has to transform it to what iptables' limit module [1] accepts, i.e. to 12/d
- user lists rules and finds something else then he specified previously

Even bigger problem could be when user specifies something that can't be transformed, e.g. 1/5h -> 4.8/d
The limit module truncates values after decimal point.
But rounding the value can make some users angry, so I'm afraid this is wontfix.

[1] http://thelowedown.wordpress.com/2008/07/03/iptables-how-to-use-the-limits-module/

Note You need to log in before you can comment on or make changes to this bug.