From: Francisco Agostinho <f.agostinho123@gmail.com>
To: netfilter@vger.kernel.org
Subject: IPtables rate limiting question
Date: Fri, 25 Oct 2024 16:19:22 +0100
Message-ID: <CAMa3rT49eeJT-rKdrVRXyfQd91cvQy=Cid55X2RFEpP4P5hFJg@mail.gmail.com>
Hello, I'm trying to implement rate limiting for my machine using
iptables. The use case is to do 2 things:
1) block traffic from the same ip+port combination for 15 minutes if
it gets more than 10 hits per minute.
2) block traffic from the same ip for 30 minutes if it gets more than
80 hits per minute.
For this I'm currently using these rules:
1) -A PREROUTING -p tcp -m tcp -m state --state NEW -m hashlimit --hashlimit-above 10/minute --hashlimit-burst 10 --hashlimit-mode srcip,dstport --hashlimit-name test10 --hashlimit-htable-expire 900000 -j ACCEPT
2) -A PREROUTING -p tcp -m tcp -m state --state NEW -m hashlimit --hashlimit-above 80/minute --hashlimit-burst 80 --hashlimit-mode srcip --hashlimit-name test80 --hashlimit-htable-expire 1800000 -j ACCEPT
But it's not quite working: as soon as it gets on the list, if you get
another hit the timer gets reset to the default expire time, and it
gets blocked on the first try even after the expire. So are there
any suggestions on how to achieve the use case, or what I'm doing
wrong?
Thank you,
Francisco
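Added example, not part of the thread: the script below is mine, not Francisco's and not netfilter project code. It generates an iptables-restore ruleset for the two requirements in the question, using hashlimit only as the trigger and an ipset with per-entry timeouts as the ban list. Two properties of the rules above motivate the design. First, `--hashlimit-above ... -j ACCEPT` accepts exactly the packets that are over the limit; the over-limit rule has to end in a DROP, here via a jump to a chain that records the offender and drops. Second, xt_hashlimit refreshes an entry's expiry on every packet that looks the entry up, so `--hashlimit-htable-expire 900000` means "forget this key 15 minutes after its last packet", not "block it for 15 minutes after it exceeded the rate"; a fixed-length ban needs a separate list whose entries expire on their own, which `ipset ... timeout` plus `-j SET --add-set ... --timeout` provides for both requirements, whereas `recent` could only serve requirement 2 because it keys on addresses, not on address+port. The set names (ban_ipport, ban_ip), chain names (BAN_IPPORT, BAN_IP), hashlimit names, and the choice of the raw table with `-p tcp --syn` in place of `--state NEW` (the raw table runs before connection tracking) are my assumptions; the rates, bursts and ban durations are the ones from the question. ipset(8) must be installed; applying needs root.

```shell
#!/bin/sh
# Added example (not from the thread): two-tier "ban after the rate is
# exceeded" policy for iptables, emitted as iptables-restore text so it can
# be reviewed with `iptables-restore --test` before it is applied.
#
#   * hashlimit is only the trigger: --hashlimit-above -> jump to a BAN_*
#     chain that DROPs. Never -j ACCEPT on an "above" match.
#   * the ban lives in an ipset entry with a fixed timeout. An entry added
#     with -j SET but without --exist keeps its original timeout, unlike a
#     hashlimit entry, whose htable-expire is refreshed by every lookup.
#   * the set-match DROP rules come first, so a banned source never reaches
#     the hashlimit rules and cannot refresh or re-trigger anything.
#   * -p tcp --syn (connection attempts) replaces -m state --state NEW,
#     because the raw table runs before conntrack.
# Names of sets, chains and hashlimit tables are assumptions of this example.
set -eu

RATE_IPPORT=${RATE_IPPORT:-10/minute}   # requirement 1: per src ip + dst port
BAN_IPPORT_SECS=${BAN_IPPORT_SECS:-900} # ... banned for 15 minutes
RATE_IP=${RATE_IP:-80/minute}           # requirement 2: per src ip
BAN_IP_SECS=${BAN_IP_SECS:-1800}        # ... banned for 30 minutes

# ipset(8) commands creating the two ban lists. hash:ip,port keys on
# (ip, proto:port), so the 15-minute ban really is per ip+port.
# -exist makes the script safe to re-run.
gen_ipsets() {
    echo "ipset -exist create ban_ipport hash:ip,port timeout $BAN_IPPORT_SECS"
    echo "ipset -exist create ban_ip hash:ip timeout $BAN_IP_SECS"
}

# Bucket size equal to the rate: the first N hits in a minute pass, the
# next one trips the trigger.
burst_of() { printf '%s\n' "$1" | cut -d/ -f1; }

gen_ruleset() {
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:BAN_IPPORT - [0:0]
:BAN_IP - [0:0]
# ban chains: record the offender with a fixed timeout, then drop
-A BAN_IPPORT -j SET --add-set ban_ipport src,dst --timeout $BAN_IPPORT_SECS
-A BAN_IPPORT -j DROP
-A BAN_IP -j SET --add-set ban_ip src --timeout $BAN_IP_SECS
-A BAN_IP -j DROP
# 1. already banned? drop before any counter sees the packet
-A PREROUTING -p tcp --syn -m set --match-set ban_ipport src,dst -j DROP
-A PREROUTING -p tcp --syn -m set --match-set ban_ip src -j DROP
# 2. triggers: over the limit -> ban. The hashlimit entry only has to live
#    for the measurement window; the ban duration is the ipset timeout.
-A PREROUTING -p tcp --syn -m hashlimit --hashlimit-name lim_ipport --hashlimit-mode srcip,dstport --hashlimit-above $RATE_IPPORT --hashlimit-burst $(burst_of "$RATE_IPPORT") --hashlimit-htable-expire 60000 -j BAN_IPPORT
-A PREROUTING -p tcp --syn -m hashlimit --hashlimit-name lim_ip --hashlimit-mode srcip --hashlimit-above $RATE_IP --hashlimit-burst $(burst_of "$RATE_IP") --hashlimit-htable-expire 60000 -j BAN_IP
COMMIT
EOF
}

# Sanity checks encoding the two mistakes in the question: an "above" match
# must never lead to ACCEPT, and every ban check must precede the first
# trigger so a banned source cannot touch a hashlimit entry.
check_ruleset() {
    rules=$(gen_ruleset)
    if printf '%s\n' "$rules" | grep -q -- '--hashlimit-above.*-j ACCEPT'; then
        echo "error: hashlimit-above rule accepts over-limit traffic" >&2
        return 1
    fi
    first_trigger=$(printf '%s\n' "$rules" | grep -n -- '-m hashlimit' | head -n1 | cut -d: -f1)
    last_ban=$(printf '%s\n' "$rules" | grep -n -- '--match-set .* -j DROP' | tail -n1 | cut -d: -f1)
    [ -n "$first_trigger" ] && [ -n "$last_ban" ] && [ "$last_ban" -lt "$first_trigger" ] ||
        { echo "error: ban checks must precede the hashlimit triggers" >&2; return 1; }
}

# apply replaces the whole raw table (no --noflush), so it is idempotent;
# any other rules you keep in *raw have to be merged into gen_ruleset.
apply() {
    gen_ipsets | sh -e
    gen_ruleset | iptables-restore
}

case "${1:-show}" in
    show)  gen_ipsets; gen_ruleset ;;
    check) check_ruleset && echo "ok" ;;
    test)  gen_ruleset | iptables-restore --test ;;
    apply) check_ruleset && apply ;;
    *)     echo "usage: $0 {show|check|test|apply}" >&2; exit 2 ;;
esac
```

`sh ban.sh show` prints the ipset and iptables-restore text for review, `check` runs the ordering and target checks, `test` validates the syntax against the installed iptables without changing anything, and `apply` installs it. If the hits should be counted from conntrack state rather than from SYNs, move the rules to the mangle table and use `-m conntrack --ctstate NEW`; the ban logic is unchanged.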
Thread overview: 10+ messages
2024-10-25 15:19 Francisco Agostinho [this message]
2024-10-25 18:12 ` IPtables rate limiting question Kerin Millar
2024-10-25 20:13 ` Slavko
2024-10-25 21:37 ` Kerin Millar
2024-10-26 10:23 ` Reindl Harald
2024-10-26 11:05 ` Kerin Millar
2024-10-26 11:15 ` Reindl Harald
[not found] ` <CAMa3rT6WZXDaUhvfjmWL8+_Jun-2M4zGqr2U4OBig7Z7LrDpgQ@mail.gmail.com>
2024-10-31 12:15 ` Francisco Agostinho
2024-10-31 12:28 ` Reindl Harald
2024-10-31 12:20 ` Francisco Agostinho