Re: rate limit by MAC - Самусенко Андрей

Linux Netfilter discussions
 help / color / mirror / Atom feed

From: "Самусенко Андрей" <samusenko@msm.ru>
To: Richard Horton <arimus.uk@googlemail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: rate limit by MAC
Date: Wed, 01 Jul 2009 17:19:53 +0400	[thread overview]
Message-ID: <4A4B6279.6040504@msm.ru> (raw)
In-Reply-To: <56378e320907010448n2a02fa6cxf9653518f7eff428@mail.gmail.com>

Thank you, Richard.
I don't knew about changing MAC on each router.
My question have not sense.
How to fight with IP spoofing? =)

Richard Horton wrote:
> 2009/7/1 Самусенко Андрей <samusenko@msm.ru>:
>   
>> Hi!
>>
>> Can iptables limit rate by MAC? Think it no.
>>
>> What on Linux can do how i need?
>>
>> --
>> To unsubscribe from this list: send the line "unsubscribe netfilter" in
>> the body of a message to majordomo@vger.kernel.org
>> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>>
>>     
>
> You might be able to...
>
> iptables -A FORWARD -m mac --mac-source <<mac address>> -m limit
> --limit 100/s -j ACCEPT would restrict the given mac address to 100
> packets per second... but depending on how many mac addresses you have
> it might be too much to enter each rule...
>
> The hashlimit might be better if you can use ip addresses instead of
> mac addresses.
>
> --
> Richard Horton
> Users are like a virus: Each causing a thousand tiny crises until the
> host finally dies.
> http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
> http://www.pbase.com/arimus - My online photogallery
>
>

next prev parent reply	other threads:[~2009-07-01 13:19 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2009-07-01 11:04 rate limit by MAC Самусенко Андрей
2009-07-01 11:48 ` Richard Horton
2009-07-01 13:19   ` Самусенко Андрей [this message]
2009-07-01 15:44   ` Jorge Bastos
2009-07-01 16:19     ` Покотиленко Костик
2009-07-01 17:54       ` Jorge Bastos
2009-07-02  8:33         ` Покотиленко Костик

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4A4B6279.6040504@msm.ru \
    --to=samusenko@msm.ru \
    --cc=arimus.uk@googlemail.com \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox