Red Hat Bugzilla – Bug 993772
RFE: log limit 10/10m
Last modified: 2013-08-26 09:07:08 EDT
Description of problem: man firewalld.richlanguage search for: [limit value="rate/duration"] It is possible to limit logging: The rate is a natural positive number [1, ..], the duration of of "s", "m", "h", "d". "s" means seconds, "m" minutes, "h" hours and "d" days. The maximum limit value is "1/d" which means at .. Version-Release number of selected component (if applicable): firewalld-0.3.4-1.fc19.noarch How reproducible: deterministic Steps to Reproduce: 1. limit value="10/10m" Actual results: not supported, you can add only 10/1m Expected results: limit values like "10/10m" Additional info:
While I like the idea I can imagine some users won't be happy from the result. Example1: - user specifies 1/2h (i.e. once per two hours) - firewalld has to transform it to what iptables' limit module [1] accepts, i.e. to 12/d - user lists rules and finds something else then he specified previously Even bigger problem could be when user specifies something that can't be transformed, e.g. 1/5h -> 4.8/d The limit module truncates values after decimal point. But rounding the value can make some users angry, so I'm afraid this is wontfix. [1] http://thelowedown.wordpress.com/2008/07/03/iptables-how-to-use-the-limits-module/