From: Ray Leach <spoons@rchq.co.za>
To: John Jung <john.j.jung@siemens.com>
Cc: netfilter@lists.netfilter.org
Subject: Re: Rate Limiting After a Threshold
Date: Fri, 06 Jul 2007 07:25:25 +0200
Message-ID: <468DD245.3080504@rchq.co.za>
In-Reply-To: <468D63F2.7060402@siemens.com>
John Jung wrote:
> Hi,
>
> I'm new to IP Tables in general, but I've been able to whack away at
> the rules to get connlimit to do what I want. Now I'm trying to do
> something more sophisticated, but it doesn't seem to work.
>
> My ultimate goal is to allow most Web users to access my site, but
> to slow down the abusers. So, for example, I want to let the first
> 10 HTTP connections in, and then after that, limit that IP to only 20
> connections per minute afterwards. (And then after a certain point,
> connlimit will block any additional connections by that IP.)
>
> I'm using a vanilla 2.6.21.3 Linux kernel, but I can't figure out
> how to do it.
>
> I think hashlimit is the key, but it really just doesn't want to
> work for me. For example, I've tried:
>
> iptables -A INPUT -p tcp --dport 23 -m hashlimit --hashlimit 1/hour
> --hashlimit-mode srcip --hashlimit-burst 1 --hashlimit-name test
> -j REJECT
>
> but I can open up more than 1 telnet session in under a minute, let
> alone an hour.
>
> I've read and re-read the hashlimit man page, tried various
> arguments that I've found on the Web, all to no avail.
>
> Any and all suggestions are welcomed.
If you're using iptables, what OS are you using? Why are you using the
telnet port (23) instead of the SSH port (22)?
--
--------------------------------------------------
RCHQ Hobbies cc
http://www.rchq.co.za and http://store.rchq.co.za
Fax: +27 86 652 2773 eMail: admin@rchq.co.za
P O Box 10376, Vorna Valley, Midrand, 1686
--------------------------------------------------
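An added simulation, not from the thread and not netfilter's code: a token-bucket model of hashlimit's srcip mode. It shows why the quoted rule rejects only the first connection per hour and lets the rest through (the hashlimit match fires while a source is still within its limit, so putting REJECT on the match inverts the intent), and models the stated goal as burst 10 with a 20/minute refill. The IPs, timings and the simplified bucket are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class HashLimit:
    """Per-source token bucket: at most `burst` tokens, refilled at `rate`/s."""
    rate: float   # tokens per second (1/hour -> 1/3600, 20/minute -> 20/60)
    burst: int
    buckets: dict = field(default_factory=dict)  # srcip -> (tokens, last_ts)

    def matches(self, srcip, ts):
        """True while the source is still WITHIN its limit (hashlimit's semantics)."""
        tokens, last = self.buckets.get(srcip, (float(self.burst), ts))
        tokens = min(float(self.burst), tokens + (ts - last) * self.rate)
        if tokens >= 1.0:
            self.buckets[srcip] = (tokens - 1.0, ts)
            return True
        self.buckets[srcip] = (tokens, ts)
        return False

def run_chain(rules, attempts, policy="ACCEPT"):
    """rules: [(match or None, target)], first match wins; None matches all."""
    verdicts = []
    for ts, src in attempts:
        verdict = policy
        for match, target in rules:
            if match is None or match(src, ts):
                verdict = target
                break
        verdicts.append(verdict)
    return verdicts

# Constructed traffic: one client opening three connections within ten seconds.
ATTEMPTS = [(0.0, "198.51.100.7"), (5.0, "198.51.100.7"), (10.0, "198.51.100.7")]

def posted_rule():
    """The question's rule: hashlimit 1/hour, burst 1, target REJECT (policy ACCEPT)."""
    hl = HashLimit(rate=1 / 3600, burst=1)
    return run_chain([(hl.matches, "REJECT")], ATTEMPTS)

def accept_then_reject():
    """Same limit, but ACCEPT while within it and REJECT everything beyond it."""
    hl = HashLimit(rate=1 / 3600, burst=1)
    return run_chain([(hl.matches, "ACCEPT"), (None, "REJECT")], ATTEMPTS)

def first_ten_then_twenty_per_minute():
    """The stated goal modelled as burst 10, rate 20/minute: 15 rapid connections."""
    hl = HashLimit(rate=20 / 60, burst=10)
    rapid = [(i * 0.01, "203.0.113.9") for i in range(15)]
    return run_chain([(hl.matches, "ACCEPT"), (None, "REJECT")], rapid)
```

Real hashlimit keeps its credits in jiffies and has more options, but the ordering lesson is the same: match within the limit and ACCEPT, then REJECT what falls through.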