Subject: Global logging limit
From: Salih Gönüllü @ 2010-11-19 15:38 UTC
To: netfilter
Hi,
I am trying to enforce a global logging limit on my rule set. I would
like to be able to refer log entries to the causing rule too.
Here is what I am thinking of:
-N LogLimit
-A LogLimit -m limit --limit 3333/sec --limit-burst 3000 -j MARK --set-mark $LOGGING_MARK
-A LogLimit -j RETURN
....
-A ruleid:7906::: -p tcp -m tcp --dport 21 -j LogLimit
-A ruleid:7906::: -m mark --mark $LOGGING_MARK -j NFLOG --nflog-group 2 --nflog-prefix "DROP by 7906"
-A ruleid:7906::: -j DROP
....
-A ruleid:7910::: -p tcp -m tcp --dport 389 -j LogLimit
-A ruleid:7910::: -m mark --mark $LOGGING_MARK -j NFLOG --nflog-group 2 --nflog-prefix "DROP by 7910"
-A ruleid:7910::: -j DROP
Would I be paying a lot in terms of performance by sending all dropped
packets to the LogLimit chain? I am using ulogd2; would it be better to
put the limit in ulogd2?
Regards,
-salih
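An added example, not from the post or from the netfilter project: a simplified Python model of the shared LogLimit chain with the post's own parameters (--limit 3333/sec, --limit-burst 3000), showing that a flood of dropped packets on one rule (7906, port 21) drains the global budget and suppresses the NFLOG entries of another rule (7910, port 389) even though that rule only sees 10 packets/sec. The credit arithmetic is a simplification of the kernel's limit match rather than its code, and the rule ids, rates and packet timings are constructed for the simulation.

```python
# Added example (not from the post): a simplified model of the shared LogLimit
# chain, to see what a global "-m limit --limit 3333/sec --limit-burst 3000"
# does to per-rule logging when one rule is flooded. The credit arithmetic is
# a simplification of the kernel's limit match, not its code; rule ids, rates
# and packet timings below are constructed for the simulation.

RATE_PER_SEC = 3333          # --limit 3333/sec   (from the post)
BURST = 3000                 # --limit-burst 3000 (from the post)
USEC = 1_000_000

class LimitMatch:
    """Credit bucket: each match costs 'cost' credit, credit refills with
    elapsed time and is capped at burst*cost. This is how -m limit decides."""
    def __init__(self, rate_per_sec=RATE_PER_SEC, burst=BURST):
        self.cost = USEC // rate_per_sec       # 300 us of credit per logged packet
        self.cap = burst * self.cost
        self.credit = self.cap                 # bucket starts full
        self.last = 0

    def match(self, now_usec):
        self.credit = min(self.cap, self.credit + (now_usec - self.last))
        self.last = now_usec
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True                        # -j MARK --set-mark fires
        return False                           # RETURN without the mark

def simulate(packets):
    """packets: (timestamp_usec, rule_id); every packet is DROPped by its rule.
    Returns {rule_id: (dropped, logged)}: a drop reaches NFLOG only when the
    shared LogLimit chain granted the mark for that particular packet."""
    limit = LimitMatch()
    stats = {}
    for ts, rule in sorted(packets):
        dropped, logged = stats.get(rule, (0, 0))
        if limit.match(ts):
            logged += 1
        stats[rule] = (dropped + 1, logged)
    return stats

def flood_vs_trickle(seconds=2):
    """Constructed traffic: chain 7906 (port 21) is hit at 20000 pps, chain
    7910 (port 389) at 10 pps, offset so no two packets share a timestamp."""
    flood = [(i * 50, "7906") for i in range(20_000 * seconds)]          # every 50 us
    trickle = [(i * 100_000 + 50_025, "7910") for i in range(10 * seconds)]
    return simulate(flood + trickle)

if __name__ == "__main__":
    for rule, (dropped, logged) in sorted(flood_vs_trickle().items()):
        print(f"rule {rule}: dropped={dropped} logged={logged}")
```

With these numbers the budget is exhausted after about 0.18 s, after which rule 7910 gets only 2 of its 20 drops logged while rule 7906 consumes the rest; a limit match on each NFLOG rule instead of one shared chain keeps a noisy rule from hiding another rule's log entries.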