I have a D-Link DSL-2730U router that supports BusyBox OS and iptables version 1.4.0.
I successfully managed to block a host from connecting to the internet using the following command:
Block by IP address:
Or by MAC source:
The only problem I have now is trying to limit the transfer rate (upload & download) to only 30/kbps by MAC address using iptables.
I tried to make an iptables rule like:
But it didn't work.
Note: this router cannot modify, delete or add any files. I cannot make a bash or script file run inside the router, and unfortunately the iptables connlimit module is not supported in this iptables version either.
Hello,
I am currently trying to limit incoming UDP length 20 packets on a per IP basis to 5 a second using IPTables on a Linux machine (CentOS 5.2).
Basically, if an IP is sending more than 5 length 20 UDP packets a second to the local machine, I would like the machine to drop the excess... (1 Reply)
I analysed disk performance with blktrace and get some data:
read:
8,3 4 2141 2.882115217 3342 Q R 195732187 + 32
8,3 4 2142 2.882116411 3342 G R 195732187 + 32
8,3 4 2144 2.882117647 3342 I R 195732187 + 32
8,3 4 2145 ... (1 Reply)
Hi,
I am experiencing extremely slow transfer rates when transferring zip files over SFTP. Over FTP it works fine.
I have disabled compression in the sshd_config file but that does not seem to help.
Any ideas? (0 Replies)
hi guys
I have a linux server which has about 5 volumes from SAN (fiber channel) now I need to measure the transfer rate between one LUN which is a Logical Volume to another LUN which is another Logical Volume.
so basically this server has 5 LUNs from SAN
each SAN volume is a logical volume... (3 Replies)
I am having an issue with iptables. My server is a RHEL6 64bit system.
In my application I have a large number of connected clients ~100k to a particular service. The application works fine when iptables is off, 100k clients are able to connect.
However, when I turn iptables on and add a... (1 Reply)
Hi,
Sorry for my English. I need a shell script.
If an IP makes more than 300 connection attempts to port:80 within 10 seconds
I want to block it for 3600 seconds in iptables.
Thank you very much for help. (2 Replies)
Dear All,
I have a problem with the transfer speed between 2 hosts on my local network (LAN).
At home, I have a switch (NETGEAR GS105 ProSafe 5-Port Gigabit Ethernet Desktop Switch) which obviously supports Gigabit Ethernet, 2 boxes (intel NUC DC3217IYE Barebone PC and Gygabyte BRIX GB-XM12... (7 Replies)
Hi,
I've been struggling with this all morning and seem to have a blind spot on what the problem is. I'm trying to use iptables to block traffic on a little cluster of raspberry pi's but to allow ssh and ping traffic within it.
The cluster has a firewall server with a wifi card connecting to... (4 Replies)
Hello,
I did 2 scripts. The second one is, I hope, more secure.
What do you think?
Basic connection (no server, no router, no DHCP and the Ipv6 is disabled)
#######script one
####################
iptables -F
iptables -X -t filter
iptables -P INPUT DROP
iptables -P FORWARD... (6 Replies)
Hello,
I thought twice before posting. I am sorry, I know you will say "this is not linux originated issue"
Does anybody know how to get rid of bulk email warning of gmail?
The problem is called "Unsolicited Rate Limit Error". We have been using google's mail service free of charge in our office... (3 Replies)
Discussion started by: baris35
iptables-xml
IPTABLES-XML(1) iptables 1.4.21 IPTABLES-XML(1)
NAME
iptables-xml -- Convert iptables-save format to XML
SYNOPSIS
iptables-xml [-c] [-v]
DESCRIPTION
iptables-xml is used to convert the output of iptables-save into an easily manipulatable XML format to STDOUT. Use I/O-redirection
provided by your shell to write to a file.
-c, --combine
combine consecutive rules with the same matches but different targets. iptables does not currently support more than one target per
match, so this simulates that by collecting the targets from consecutive iptables rules into one action tag, but only when the rule
matches are identical. Terminating actions like RETURN, DROP, ACCEPT and QUEUE are not combined with subsequent targets.
-v, --verbose
Output xml comments containing the iptables line from which the XML is derived
iptables-xml does a mechanistic conversion to a very expressive xml format; the only semantic considerations are for -g and -j targets in
order to discriminate between <call>, <goto> and <name-of-target> as it helps xml processing scripts if they can tell the difference between
a target like SNAT and another chain.
Some sample output is:
<iptables-rules>
  <table name="mangle">
    <chain name="PREROUTING" policy="ACCEPT" packet-count="63436" byte-count="7137573">
      <rule>
        <conditions>
          <match>
            <p>tcp</p>
          </match>
          <tcp>
            <sport>8443</sport>
          </tcp>
        </conditions>
        <actions>
          <call>
            <check_ip/>
          </call>
          <ACCEPT/>
        </actions>
      </rule>
    </chain>
  </table>
</iptables-rules>
Conversion from XML to iptables-save format may be done using the iptables.xslt script and xsltproc, or a custom program using libxsltproc
or similar; in this fashion:
xsltproc iptables.xslt my-iptables.xml | iptables-restore
BUGS
None known as of iptables-1.3.7 release
AUTHOR
Sam Liddicott <azez@ufomechanic.net>
SEE ALSO
iptables-save(8), iptables-restore(8), iptables(8)
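
An added example, not part of the man page or the iptables project: a Python reader for iptables-xml output, useful when reviewing a saved rule set. It flattens each rule into its conditions and actions, keeping the <call>/<goto>/target distinction the man page describes, and lists chains whose default policy is ACCEPT. The function names are hypothetical; the input is the sample quoted in the man page.

```python
import xml.etree.ElementTree as ET

# Sample output quoted in the man page (whitespace condensed).
SAMPLE = """\
<iptables-rules>
 <table name="mangle">
  <chain name="PREROUTING" policy="ACCEPT" packet-count="63436" byte-count="7137573">
   <rule>
    <conditions>
     <match><p>tcp</p></match>
     <tcp><sport>8443</sport></tcp>
    </conditions>
    <actions>
     <call><check_ip/></call>
     <ACCEPT/>
    </actions>
   </rule>
  </chain>
 </table>
</iptables-rules>"""

def flatten_rules(xml_text):
    """Return one dict per <rule> with its table, chain, conditions and actions."""
    rules = []
    for table in ET.fromstring(xml_text).iter("table"):
        for chain in table.iter("chain"):
            for rule in chain.iter("rule"):
                # conditions are laid out as <module><option>value</option></module>
                conds = {f"{m.tag}.{o.tag}": (o.text or "").strip()
                         for m in rule.findall("conditions/*") for o in m}
                actions = []
                for act in rule.findall("actions/*"):
                    if act.tag in ("call", "goto"):
                        # -j/-g to another chain: the chain name is the child tag
                        actions += [(act.tag, c.tag) for c in act]
                    else:
                        # anything else is a target such as ACCEPT or SNAT
                        actions.append(("target", act.tag))
                rules.append({"table": table.get("name"), "chain": chain.get("name"),
                              "conditions": conds, "actions": actions})
    return rules

def accept_policy_chains(xml_text):
    """List (table, chain) pairs whose default policy is ACCEPT."""
    root = ET.fromstring(xml_text)
    return [(t.get("name"), c.get("name"))
            for t in root.iter("table") for c in t.iter("chain")
            if c.get("policy") == "ACCEPT"]

if __name__ == "__main__":
    print(flatten_rules(SAMPLE), accept_policy_chains(SAMPLE))
```

xml.etree.ElementTree is appropriate here because the input is generated locally by iptables-xml; XML from an untrusted source should go through a hardened parser instead.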