The UNIX and Linux Forums  

Go Back   The UNIX and Linux Forums > Special Forums > Security
Reload this Page ~ IPTables : Limit Incoming UDP Packets With a Certain Length ~
.
google unix.com

Forums Register Forum RulesLinksAlbums FAQ Members List Calendar Search Today's Posts Mark Forums Read



Thread: ~ IPTables : Limit Incoming UDP Packets With a Certain Length ~
View Single Post in the UNIX and Linux Forums - Click on the Thread or Permalink to View Entire Thread -->
  #1 (permalink)  
Old 04-05-2009
tomboy123 tomboy123 is offline
Registered User
  
 

Join Date: Apr 2009
Posts: 2
Exclamation ~ IPTables : Limit Incoming UDP Packets With a Certain Length ~
Hello,

I am currently trying to limit incoming UDP length 20 packets on a per IP basis to 5 a second using IPTables on a Linux machine (CentOS 5.2).

Basically, if an IP is sending more than 5 length 20 UDP packet a second to the local machine, I would like the machine to drop the excess length 20 packets coming from that IP.

The modules that should work perfectly for this type of "rule set" are;

- Limiting module
- Length module

Both of which are installed / compiled with the kernel/IPTables correctly and functioning.

I have tried several rule sets, and they all seem to not fully work. Either they drop all UDP length 20 packets going to the local machine or allow all them through.

Below is one of the rule sets I use, and it is not working. Any ideas what the issue could be?

Code:
iptables -N CHECK1
iptables -A INPUT -p udp -m length --length 20 -j CHECK1
iptables -A CHECK1 -p udp -m length --length 20 -m limit --limit 5/second -j ACCEPT
iptables -A CHECK1 -j DROP

Any help would be appreciated. Thanks ahead of time!