[原文]iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator.
Red Hat iptables contains a flaw that may allow a malicious user to generate more or less traffic than intended by the administrator. The issue is triggered when iptables improperly converts rate limits issued by the -m command line argument. It is possible that a local attacker can send a malicious -m command to iptables to generate false traffic, resulting in a loss of integrity.
Upgrade to version Red Hat iptables 1.2.4-0.71.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.