04-05-2009
~ IPTables : Limit Incoming UDP Packets With a Certain Length ~
Hello,
I am currently trying to limit incoming UDP length 20 packets on a per IP basis to 5 a second using IPTables on a Linux machine (CentOS 5.2).
Basically, if an IP is sending more than 5 length 20 UDP packet a second to the local machine, I would like the machine to drop the excess length 20 packets coming from that IP.
The modules that should work perfectly for this type of "rule set" are;
- Limiting module
- Length module
Both of which are installed / compiled with the kernel/IPTables correctly and functioning.
I have tried several rule sets, and they all seem to not fully work. Either they drop all UDP length 20 packets going to the local machine or allow all them through.
Below is one of the rule sets I use, and it is not working. Any ideas what the issue could be?
Code:
iptables -N CHECK1
iptables -A INPUT -p udp -m length --length 20 -j CHECK1
iptables -A CHECK1 -p udp -m length --length 20 -m limit --limit 5/second -j ACCEPT
iptables -A CHECK1 -j DROP
Any help would be appreciated. Thanks ahead of time!
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
Hi Friends,
I am having a funny problem with grep. When I run
grep 'expr' file.txt
things work fine. But when try to get the line number using the -n option, i.e,
grep -n 'expr' file.txt
I get a message, "grep: 0652-226 Maximum line length of 2048 exceeded."
If the line has more than... (3 Replies)
Discussion started by: hnhegde
3 Replies
2. IP Networking
Hi All,
I am running a IPv6 UDP server, which is bound to in6addr_any. When I send a packet from a client to the link-local address of any interface on the linux box, the server accepts the packets. But when I send the packets to the global address the server doesnt pick the packets.
On... (0 Replies)
Discussion started by: muralia
0 Replies
3. UNIX for Dummies Questions & Answers
Hi!
Can you please help me with one question?
Does rexec command have some limitation of the length of the deliveded cmd?
Thanks in advance,
Anta (2 Replies)
Discussion started by: Anta
2 Replies
4. Shell Programming and Scripting
I am trying to use the following code:
awk '{s=$0;if(length(s) < 750){getline; s=s " " $0}printf("%s\n",s)}' filename
but an error shows that 'awk' is too long. Is there a limit to the awk length function? and what could be an alternate solution for long fixed width records?
The code... (3 Replies)
Discussion started by: CKT_newbie88
3 Replies
5. Programming
Is there any stabdard limitation on size of a code line in C code?
I am interesting in UNIX limitation, particulary on SUN.
Thanks! (8 Replies)
Discussion started by: alex_5161
8 Replies
6. UNIX for Dummies Questions & Answers
Hi all,
I am new to Linux kernel.
we have a c file that counts the no. of sends and received packets in each interface, and indicate the user about the error/drop ration of incoming and outgoing packets.
in our Linux box , the incoming packets are dropped at random interval.
we have our... (1 Reply)
Discussion started by: kannandv
1 Replies
7. IP Networking
hello,
can anyone suggest how to delay the incoming packets ??
or how the packets are prossed inside the kernal and a way to make the packets wait a while??
it wud be vry helpful
regards
sameer (7 Replies)
Discussion started by: sameer kulkarni
7 Replies
8. Linux
I am looking for an iptables command to allow incoming UDP packets for my Linux server
also is there a command I can use to set the default action for outgoing packets to accept?
Thank you (1 Reply)
Discussion started by: crimputt
1 Replies
9. IP Networking
Hello, I'm trying to route all packets arriving at a particular interface by entering the same interface
the virtual interface eth1: 2 and now everything is routed by default gw configured on eth1.
eth1 Link encap:Ethernet HWaddr 0a:0e:64:18:52:72
inet addr:192.168.10.15
eth1:2 ... (1 Reply)
Discussion started by: faka
1 Replies
10. IP Networking
Hi folks,
I have a debian server running an Apache daemon on the eth0 interface. Now from time to time the server has to open an openvpn connection (tun0) to other networks to get some data from there. During this period the Apache is no longer reachable under it's IP address on eth0 because all... (6 Replies)
Discussion started by: flyingwalrus
6 Replies
LEARN ABOUT DEBIAN
jack.udp
JACK.UDP(1) JACK.UDP(1)
NAME
jack.udp - JACK UDP Transport Client
SYNOPSIS
jack.udp [options] send|recv
OPTIONS
-b : Set the ring buffer size in frames (default=4096). -c : Set the client name (default=jack.udp-PID). -n : Set the number of channels,
and therefore the number of JACK ports (default=2). -p : Set the port number (default=57160). -r : The remote host name, for use in send
mode (default="127.0.0.1").
DESCRIPTION
jack.udp is a UDP audio transport mechansim for JACK. The send mode reads signals from a set of JACK input ports and sends UDP packets to
the indicated port at the indicated host at a rate determined by the local JACK daemon. The recv mode reads incoming packets at the indi-
cated port and writes the incoming data to a set of JACK output ports at a rate that is determined by the local JACK daemon.
This transport mechanism is unreliable. Both send and recv clients will report buffer overflow and underflow occurences, and recv clients
will report dropped and out-of-order packets, and shutdown on channel mismatch packets. In practice this mechanism can be made highly reli-
able over local networks.
jack.udp implements no connection logic, use jack.plumbing(1) instead.
EXAMPLE
192.0.0.1:~$ jack.udp -r 192.0.0.2 send
192.0.0.2:~$ jack.udp recv
AUTHOR
Rohan Drape http://slavepianos.org/rd/
SEE ALSO
jackd(1)
AUTHOR
Rohan Drape <rd@slavepianos.org>
Author.
01/10/2012 JACK.UDP(1)