~ IPTables : Limit Incoming UDP Packets With a Certain Length ~ | Unix Linux Forums | Security


~ IPTables : Limit Incoming UDP Packets With a Certain Length ~

Tags
iptables, linux, network, packets, udp

    #1  
Old 04-05-2009
tomboy123
Registered User
 
Join Date: Apr 2009
Last Activity: 5 April 2009, 11:48 AM EDT
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
~ IPTables : Limit Incoming UDP Packets With a Certain Length ~

Hello,

I am currently trying to limit incoming UDP length 20 packets on a per IP basis to 5 a second using IPTables on a Linux machine (CentOS 5.2).

Basically, if an IP is sending more than 5 length 20 UDP packets a second to the local machine, I would like the machine to drop the excess length 20 packets coming from that IP.

The modules that should work perfectly for this type of "rule set" are:

- Limiting module
- Length module

Both of which are installed / compiled with the kernel/IPTables correctly and functioning.

I have tried several rule sets, and none of them fully works. Either they drop all UDP length 20 packets going to the local machine or allow them all through.

Below is one of the rule sets I use, and it is not working. Any ideas what the issue could be?

Code:
iptables -N CHECK1
# Every UDP packet matched by the length module as 20 bytes goes to CHECK1.
iptables -A INPUT -p udp -m length --length 20 -j CHECK1
# The limit match keeps one token bucket per rule, shared by all sources,
# so this accepts the first 5/second from anyone and the DROP below catches the rest.
iptables -A CHECK1 -p udp -m length --length 20 -m limit --limit 5/second -j ACCEPT
iptables -A CHECK1 -j DROP

Any help would be appreciated. Thanks ahead of time!
    #2  
Old 04-15-2009
otheus, Forum Advisor
Smartass
 
Join Date: Feb 2007
Last Activity: 24 February 2014, 8:14 AM EST
Location: Innsbruck, Austria
Posts: 2,143
Thanks: 12
Thanked 47 Times in 44 Posts
I'm not sure, but the second "-m length --length 20" is redundant. You only get to that table if this condition is true. What I'm not clear about with the length module is whether it is the rule that gets limited or something else. If it's the rule, then this would drop any packet over 20 bytes after there have been 5 per second.

Do you want to limit it by IP address? Then I recommend you use the "recent" feature:


Code:
iptables -N CHECK1
iptables -A INPUT -p udp -m length --length 20 -j CHECK1

# --rcheck takes no argument; the time window is given with --seconds.
# Drop when this source already has 5 packets recorded within the last second.
iptables -A CHECK1 -m recent --name longudp --rcheck --seconds 1 --hitcount 5 -j DROP
# Otherwise record this packet for the source and return to INPUT.
iptables -A CHECK1 -m recent --name longudp --set -j RETURN
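To make the difference between the two chains in this thread concrete, here is an added Python model of both matches run over a constructed packet trace: the original poster's `-m limit --limit 5/second` chain (one credit bucket per rule, shared by every source) and the `-m recent --rcheck --seconds 1 --hitcount 5` / `--set` chain (one timestamp list per source address). This is illustration code written for this page, not code from either post. The addresses, arrival times, the default `--limit-burst` of 5, and the default of 20 stamps kept per address in the recent list are assumptions made for the example.

```python
"""Model of the two iptables matches discussed in the thread, run over a
constructed UDP packet trace. Added illustration, not code from either post.
Times are in milliseconds; addresses are constructed samples.

  * 'limit'  models `-m limit --limit 5/second` (default --limit-burst 5):
    one credit bucket per rule, shared by every source address.
  * 'recent' models `-m recent --rcheck --seconds 1 --hitcount 5 -j DROP`
    followed by `-m recent --set -j RETURN`: per-source timestamp lists.
"""
from collections import defaultdict, deque

FLOODER = "192.0.2.10"   # constructed: sends 50 packets inside one second
CLIENT = "192.0.2.20"    # constructed: sends 3 packets in that same second


class LimitMatch:
    """Credit bucket the way xt_limit keeps it: credits are measured in ms."""

    def __init__(self, rate_per_second=5, burst=5):
        self.cost = 1000 // rate_per_second  # ms of credit one packet costs
        self.cap = self.cost * burst         # bucket is full at `burst` packets
        self.credit = self.cap
        self.last_ms = 0

    def match(self, now_ms):
        """Refill by elapsed time, then spend one packet's worth if available."""
        self.credit = min(self.cap, self.credit + (now_ms - self.last_ms))
        self.last_ms = now_ms
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True
        return False


class RecentMatch:
    """Per-source timestamp list the way xt_recent keeps it (assumed 20 stamps)."""

    def __init__(self, seconds=1, hitcount=5, pkt_list_tot=20):
        self.window_ms = seconds * 1000
        self.hitcount = hitcount
        self.stamps = defaultdict(lambda: deque(maxlen=pkt_list_tot))

    def rcheck(self, src, now_ms):
        """--rcheck --seconds N --hitcount H: H or more stamps inside the window."""
        hits = sum(1 for t in self.stamps[src] if now_ms - t < self.window_ms)
        return hits >= self.hitcount

    def set(self, src, now_ms):
        """--set: add a stamp for this source (creates the entry if needed)."""
        self.stamps[src].append(now_ms)


def build_trace():
    """Constructed trace of (time_ms, src) pairs, sorted by arrival time."""
    flood = [(i * 20, FLOODER) for i in range(50)]     # 50 packets, 20 ms apart
    legit = [(510, CLIENT), (610, CLIENT), (710, CLIENT)]
    return sorted(flood + legit, key=lambda p: p[0])


def simulate(trace, policy):
    """Run the trace through one policy; returns {src: (accepted, dropped)}."""
    accepted = defaultdict(int)
    dropped = defaultdict(int)
    limit = LimitMatch()
    recent = RecentMatch()
    for now_ms, src in trace:
        if policy == "limit":
            # ACCEPT while the shared bucket has credit, DROP otherwise,
            # regardless of which address sent the packet.
            ok = limit.match(now_ms)
        elif policy == "recent":
            # DROP when this source already has 5 stamps in the last second;
            # otherwise record the packet and RETURN. Dropped packets are not
            # recorded, since the DROP rule sits before the --set rule.
            ok = not recent.rcheck(src, now_ms)
            if ok:
                recent.set(src, now_ms)
        else:
            raise ValueError(policy)
        (accepted if ok else dropped)[src] += 1
    return {src: (accepted[src], dropped[src]) for src in {s for _, s in trace}}


if __name__ == "__main__":
    trace = build_trace()
    for policy in ("limit", "recent"):
        print(policy, simulate(trace, policy))
```

With the `limit` policy the flooder drains the shared bucket, so the client's three packets are all dropped along with most of the flood; with the `recent` policy the flooder gets exactly five packets through and the client's three are untouched, which is the per-IP behaviour the original poster asked for.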
