The port is open. How can I set a limit on the number of packets that a user can send to this port? For example, 10 per second?

    $IPTABLES -A INPUT -p tcp --dport 3724 -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -A INPUT -p tcp --dport 3724 -m hashlimit --hashlimit-upto 10/sec --hashlimit-mode srcip,dstip --hashlimit-name Packets --hashlimit-htable-expire 60000 -j ACCEPT
    $IPTABLES -P INPUT DROP

But something is not working. What is the error?

  • I may be mistaken, but what you are describing is similar to traffic shaping (limiting the bandwidth of the channel), and it is solved not only by means of iptables (for example, also tc, Traffic Control) - lospejos
  • See also here: habrahabr.ru/post/119611 - lospejos
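
In the ruleset from the question, the first rule accepts every packet of an established connection before the hashlimit rule is evaluated, so only connection-opening packets are ever counted. The reordered rules below are an added example, not part of the original post; the `limit_port` function and the dry-run default for `IPTABLES` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: per-source packet rate limit on one TCP port.
# Dry run by default: commands are printed, not executed.
# Run with IPTABLES=iptables (as root) to apply them.
IPTABLES="${IPTABLES:-echo iptables}"

# limit_port PORT RATE   (hypothetical helper, not from the original post)
# iptables walks a chain top to bottom and stops at the first rule with
# a terminating target, so the limiter must come BEFORE any ACCEPT rule
# for the same port.
limit_port() {
    port="$1"
    rate="$2"

    # 1. Drop everything above RATE. Placed first, this rule sees every
    #    packet to the port, including those of ESTABLISHED connections.
    $IPTABLES -A INPUT -p tcp --dport "$port" \
        -m hashlimit --hashlimit-above "$rate" \
        --hashlimit-mode srcip,dstip --hashlimit-name Packets \
        --hashlimit-htable-expire 60000 -j DROP

    # 2. Packets within the limit that belong to known connections.
    $IPTABLES -A INPUT -p tcp --dport "$port" \
        -m state --state ESTABLISHED,RELATED -j ACCEPT

    # 3. New connections within the limit.
    $IPTABLES -A INPUT -p tcp --dport "$port" \
        -m state --state NEW -j ACCEPT
}

limit_port 3724 10/sec
# Default policy from the question: anything not accepted above is dropped.
$IPTABLES -P INPUT DROP
```

Dropped TCP segments are retransmitted by the sender, so a client that exceeds the limit sees stalls and retries rather than a clean cut-off.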
