* Global logging limit
@ 2010-11-19 15:38 Salih Gönüllü
From: Salih Gönüllü @ 2010-11-19 15:38 UTC (permalink / raw)
To: netfilter
Hi,
I am trying to enforce a global logging limit on my rule set. I would also
like to be able to refer log entries to the causing rule.
Here is what I am thinking of:
-N LogLimit
# MARK is a target (-j): the mark is set only on packets within the global limit
-A LogLimit -m limit --limit 3333/sec --limit-burst 3000 -j MARK --set-mark $LOGGING_MARK
-A LogLimit -j RETURN
....
-A ruleid:7906::: -p tcp -m tcp --dport 21 -j LogLimit
# mark is a match (-m): only packets that got the mark are logged, the rest just drop
-A ruleid:7906::: -m mark --mark $LOGGING_MARK -j NFLOG --nflog-group 2 --nflog-prefix "DROP by 7906"
-A ruleid:7906::: -j DROP
....
-A ruleid:7910::: -p tcp -m tcp --dport 389 -j LogLimit
-A ruleid:7910::: -m mark --mark $LOGGING_MARK -j NFLOG --nflog-group 2 --nflog-prefix "DROP by 7910"
-A ruleid:7910::: -j DROP
Would I be paying a lot in terms of performance by sending all dropped
packets to the LogLimit chain? I am using ulogd2; would it be better to
put the limit in ulogd2?
Regards,
-salih
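The same design written out as a generator for an iptables-restore ruleset, as an added example that is not part of the original message: the shared LogLimit chain sets a mark while the global rate allows, and each per-rule chain logs only marked packets. The log bit 0x100/0x100, the NFLOG group and the ports are assumed values; the value/mask form keeps the log bit from clobbering other fwmark bits.

```shell
#!/bin/sh
# Added example (not from the original post): emits an iptables-restore ruleset for the
# "shared limit chain sets a mark, per-rule chain logs only marked packets" design.
# Assumed values: log bit 0x100 with mask 0x100, NFLOG group 2, filter table.

LOG_MARK="0x100/0x100"   # value/mask form: only bit 8 is set or tested, other fwmark bits survive
NFLOG_GROUP=2

# gen_ruleset RATE BURST ID:PORT [ID:PORT ...]
gen_ruleset() {
    rate=$1; burst=$2; shift 2
    printf '%s\n' '*filter' ':LogLimit - [0:0]'
    for spec in "$@"; do
        printf '%s\n' ":ruleid:${spec%%:*}::: - [0:0]"
    done
    # Shared limiter: MARK is a target (-j), so the bit is set only while the global rate allows.
    printf '%s\n' "-A LogLimit -m limit --limit $rate --limit-burst $burst -j MARK --set-xmark $LOG_MARK"
    printf '%s\n' '-A LogLimit -j RETURN'
    for spec in "$@"; do
        id=${spec%%:*}; port=${spec#*:}; chain="ruleid:${id}:::"
        printf '%s\n' "-A $chain -p tcp -m tcp --dport $port -j LogLimit"
        # mark is a match (-m); over-limit packets arrive unmarked and go straight to DROP.
        printf '%s\n' "-A $chain -m mark --mark $LOG_MARK -j NFLOG --nflog-group $NFLOG_GROUP --nflog-prefix \"DROP by $id\""
        printf '%s\n' "-A $chain -j DROP"
    done
    printf '%s\n' 'COMMIT'
}

# Sanity check before loading: expect one NFLOG rule per generated rule id.
count_log_rules() { printf '%s\n' "$1" | grep -c -- '-j NFLOG'; }

# Review the output, then load it with:
#   gen_ruleset 3333/sec 3000 7906:21 7910:389 | iptables-restore -n   (-n keeps existing rules)
gen_ruleset 3333/sec 3000 7906:21 7910:389
```

After loading, `iptables -L LogLimit -v -x` shows how many packets hit the limit rule versus fell through to RETURN, which is the quickest way to see whether the global limit is actually biting.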