From: uniplex <uniplex@maximum-linux.net>
To: "Leonardo Rodrigues Magalhães" <leolistas@solucoesip.net>
Cc: netfilter ML <netfilter@lists.samba.org>
Subject: Re: question on rating SYN packets
Date: Fri, 07 Feb 2003 19:48:03 +0000
Message-ID: <3E440D73.6010107@maximum-linux.net>
In-Reply-To: 002b01c2cef4$74f9b860$3201a8c0@ESTACAO
Leonardo Rodrigues Magalhães wrote:
> Hello Guys,
>
> I'm trying to modify my script firewalls for not allowing a LOT of
> connections being established on a specific port in a very small period of
> time. I know I could easily do this using a rule like:
>
> iptables -A INPUT -p tcp --dport XX -m state --state NEW -m limit --limit
> Y/s -j ACCEPT
>
>
> Although, with this rule, I would be globally limiting connections for
> that specific port in Y connections per second. I would like to know if it's
> possible building a rule that would allow, for example, 1 SYN packet per
> second PER host. In this case, I wouldn't have a 'global' limit of SYN
> packets. In fact, I would have a SYN limitation for EACH host.
>
> Question: is it possible for building a rule like this ? Is there any
> filter on patch-o-matic tree that would allow this kind of rule ?
>
>
> Sincerely,
> Leonardo Rodrigues
> Soluções IP
>
>
>
>
This doesn't do rate limiting, but it does limit the number of parallel
connections from any one IP address. This example limits parallel
connections to 10 per IP.

iptables -A INPUT -i eth0 -p tcp --syn --dport XX -m iplimit \
--iplimit-above 10 -j DROP
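To make the difference between the two policies in this thread concrete, here is an added simulation (not code from the thread or from netfilter): a token bucket with the burst-and-refill shape of the iptables `limit` match, applied once globally (the rule in the question) and once per source address (the behaviour asked for), plus the iplimit-style parallel-connection cap from the reply. The SYN and connection streams, the addresses and the limits are all constructed for the example.

```python
"""Per-host SYN limiting, simulated in Python.

Constructed example for the netfilter thread above (not code from the
thread): three small policies are evaluated over a hand-made list of SYN
events so the difference between a single global --limit bucket, a
per-source bucket, and the iplimit-style parallel-connection cap is visible.
"""
from collections import defaultdict


class TokenBucket:
    """Burst-and-refill bucket, the shape iptables' `limit` match uses."""

    def __init__(self, rate, burst):
        self.rate = float(rate)      # tokens refilled per second ("1/s" -> 1.0)
        self.burst = float(burst)    # maximum stored tokens (--limit-burst)
        self.tokens = float(burst)   # bucket starts full
        self.last = 0.0              # time of the previous refill

    def allow(self, now):
        # Refill in proportion to elapsed time, never beyond the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def global_limit(syn_events, rate, burst):
    """One bucket shared by every source: the -m limit rule in the question."""
    bucket = TokenBucket(rate, burst)
    return [(t, src, bucket.allow(t)) for t, src in syn_events]


def per_host_limit(syn_events, rate, burst):
    """One bucket per source address: the behaviour the question asks for."""
    buckets = defaultdict(lambda: TokenBucket(rate, burst))
    return [(t, src, buckets[src].allow(t)) for t, src in syn_events]


def accepted_by_host(decisions):
    """Count accepted SYNs per source (sources with zero accepts included)."""
    counts = {}
    for _, src, accepted in decisions:
        counts[src] = counts.get(src, 0) + (1 if accepted else 0)
    return counts


def parallel_limit(conn_events, max_parallel):
    """iplimit-style check from the reply: a SYN is dropped once the source
    already holds max_parallel open connections; timing plays no part."""
    open_conns = defaultdict(int)
    decisions = []
    for src, action in conn_events:
        if action == "close":
            open_conns[src] = max(0, open_conns[src] - 1)
            continue
        if open_conns[src] >= max_parallel:
            decisions.append((src, False))
        else:
            open_conns[src] += 1
            decisions.append((src, True))
    return decisions


# Constructed SYN stream: 192.0.2.10 sends three SYNs within half a second
# while 192.0.2.20 and 192.0.2.30 each send a single one. (t in seconds, src)
SYN_EVENTS = [
    (0.0, "192.0.2.10"),
    (0.1, "192.0.2.10"),
    (0.2, "192.0.2.20"),
    (0.3, "192.0.2.30"),
    (0.4, "192.0.2.10"),
    (1.5, "192.0.2.10"),   # more than a second later: the bucket has refilled
]

# Constructed connection stream for the parallel-connection cap.
CONN_EVENTS = [
    ("192.0.2.10", "syn"), ("192.0.2.10", "syn"), ("192.0.2.10", "syn"),
    ("192.0.2.10", "close"), ("192.0.2.10", "syn"), ("192.0.2.20", "syn"),
]

if __name__ == "__main__":
    print("global   1/s:", accepted_by_host(global_limit(SYN_EVENTS, 1, 1)))
    print("per-host 1/s:", accepted_by_host(per_host_limit(SYN_EVENTS, 1, 1)))
    print("parallel <=2:", parallel_limit(CONN_EVENTS, 2))
```

With a 1/s limit and burst 1, the global bucket is emptied by 192.0.2.10's first SYN and the single SYNs from the other two hosts are dropped, while the per-host buckets accept one SYN from each address; the parallel cap never looks at timing and only refuses the third simultaneous connection from one source. In iptables itself the per-source bucket corresponds to the later `hashlimit` match (`-m hashlimit --hashlimit-mode srcip`), which is not discussed in this thread.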
Thread overview:
2003-02-07 22:01 question on rating SYN packets Leonardo Rodrigues Magalhães
2003-02-07 19:48 ` uniplex [this message]
2003-02-08 19:23 ` Leonardo Rodrigues Magalhães
2003-02-08 18:44 ` uniplex