Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.
|
Hello and Welcome from United States to the UNIX and Linux Forums! Thank You for Visiting and Joining Our Global Community.
|
|
google unix.com
|
|||||||
| Forums | Register | Forum Rules | Links | Albums | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
 |
| Security Discuss UNIX and Linux computer and network security, cybersecurity, cyberattacks, IT security, CISSP, OWASP and more. |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| What the command to find out the record length of a fixed length file? | tranq01 | UNIX for Dummies Questions & Answers | 9 | 12-04-2008 04:04 PM |
| Forwarding internal internet packets to internal webserver using iptables | mshindo | UNIX for Advanced & Expert Users | 1 | 11-12-2008 04:10 AM |
| limit of command length | Anta | UNIX for Dummies Questions & Answers | 2 | 10-11-2008 04:08 PM |
| Is the Length of User ID for AIX Limit to 8 Characters? | meihua_t | AIX | 2 | 04-07-2008 02:04 AM |
| grep line length limit | hnhegde | Shell Programming and Scripting | 3 | 10-02-2006 11:47 AM |
 |
|
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread | Display Modes |
04-05-2009
|
||||
|
||||
~ IPTables : Limit Incoming UDP Packets With a Certain Length ~
Hello,
I am currently trying to limit incoming UDP length 20 packets on a per IP basis to 5 a second using IPTables on a Linux machine (CentOS 5.2). Basically, if an IP is sending more than 5 length 20 UDP packet a second to the local machine, I would like the machine to drop the excess length 20 packets coming from that IP. The modules that should work perfectly for this type of "rule set" are; - Limiting module - Length module Both of which are installed / compiled with the kernel/IPTables correctly and functioning. I have tried several rule sets, and they all seem to not fully work. Either they drop all UDP length 20 packets going to the local machine or allow all them through. Below is one of the rule sets I use, and it is not working. Any ideas what the issue could be? Code: iptables -N CHECK1 iptables -A INPUT -p udp -m length --length 20 -j CHECK1 iptables -A CHECK1 -p udp -m length --length 20 -m limit --limit 5/second -j ACCEPT iptables -A CHECK1 -j DROP Any help would be appreciated. Thanks ahead of time! |
|
04-15-2009
|
|||||
|
|||||
|
I'm not sure, but the second "-m length --length 20" is redundant. You only get to that table if this condition is true. What I'm not clear about the length module is if it is the rule that gets limited or something else. If it's the rule, then this would drop any packet over 20 bytes after there have been 5 per second.
Do you want to limit it by IP address? Then I recommend you use the "recent" feature: Code:
iptables -N CHECK1 iptables -A INPUT -p udp -m length --length 20 -j CHECK1 iptables -A CHECK1 -m recent --name longudp --rcheck 1 --hitcount 5 -j DROP iptables -A CHECK1 -m recent --name longudp --set -j RETURN |
| Sponsored Links | ||
|
|
|
| Bookmarks |
| Tags |
| iptables, linux, network, packets, udp |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
Linear Mode
