From: Pascal Hambourg <pascal.mail@plouf.fr.eu.org>
To: Alex <mysqlstudent@gmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: Using iptables for throttling SMTP traffic
Date: Tue, 02 Nov 2010 10:55:42 +0100
Message-ID: <4CCFE01E.6070205@plouf.fr.eu.org>
In-Reply-To: <AANLkTinMmFLt=23wMYdGKcrtLxdAGgCyRqJSbP2g0_iJ@mail.gmail.com>
Hello,
Alex wrote:
>
> I've set up a few basic rules to throttle SMTP traffic from an
> individual host should they make more than 10 connections in ten
> seconds:
>
> iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set
> iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 10 --hitcount 10 -j LOG
> iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 10 --hitcount 10 -j DROP
>
> Is this the correct way to do this? I notice the seconds value can't
> be any greater than 20. What is the reason for this?
--seconds or --hitcount? The --hitcount value cannot be greater than
the ip_pkt_list_tot parameter of the ipt_recent/xt_recent kernel module
(otherwise it would never match), and the parameter's default value is 20.
See the iptables man page for details.