993772 – RFE: log limit 10/10m

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 993772 - RFE: log limit 10/10m

Summary: RFE: log limit 10/10m

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	firewalld
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Thomas Woerner
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	980210
TreeView+	depends on / blocked

Reported:	2013-08-06 12:10 UTC by Petr Sklenar
Modified:	2013-08-26 13:07 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-08-26 13:07:08 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Petr Sklenar 2013-08-06 12:10:33 UTC

Description of problem:
man  firewalld.richlanguage
search for:  [limit value="rate/duration"]

It is possible to limit logging: The rate is a natural positive number [1, ..], the duration of of "s", "m", "h", "d". "s" means seconds, "m" minutes, "h" hours and "d" days. The maximum limit value is "1/d" which means at ..


Version-Release number of selected component (if applicable):
firewalld-0.3.4-1.fc19.noarch

How reproducible:
deterministic

Steps to Reproduce:
1. limit value="10/10m"


Actual results:
not supported, you can add only 10/1m

Expected results:
limit values like "10/10m"

Additional info:

Comment 2 Jiri Popelka 2013-08-26 13:07:08 UTC

While I like the idea I can imagine some users won't be happy from the result.

Example1:
- user specifies 1/2h (i.e. once per two hours)
- firewalld has to transform it to what iptables' limit module [1] accepts, i.e. to 12/d
- user lists rules and finds something else then he specified previously

Even bigger problem could be when user specifies something that can't be transformed, e.g. 1/5h -> 4.8/d
The limit module truncates values after decimal point.
But rounding the value can make some users angry, so I'm afraid this is wontfix.

[1] http://thelowedown.wordpress.com/2008/07/03/iptables-how-to-use-the-limits-module/

Note You need to log in before you can comment on or make changes to this bug.