iptables
Vitaly, 2015-09-18 18:04:38

How to set incoming packet limit in IPtables?

Good day, please help me make a rule for iptables. I need to limit incoming packets to UDP port 8911 to no more than 500 packets per second from one IP.


1 answer(s)
Vladimir, 2015-09-18
@llateV

This is for all traffic to the port:

iptables -A INPUT -p udp --dport 8911 -m limit --limit 500/sec --limit-burst 500 -j ACCEPT
iptables -A INPUT -p udp --dport 8911 -j DROP

You can also do it this way, taking a single source into account, since you want no more than 500/sec from one IP:
iptables -A INPUT -p udp --dport 8911 -m hashlimit --hashlimit-name toster --hashlimit-upto 500/sec --hashlimit-mode srcip --hashlimit-srcmask 32 -j ACCEPT
iptables -A INPUT -p udp --dport 8911 -j DROP

hashlimit-srcmask is the CIDR prefix length: how large a network we filter on (32 - one IP, 24 - a subnet of 256, etc.)
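
Added example, not part of the answer above: a simplified token-bucket model (not the kernel's implementation) that replays one second of constructed traffic through the shared `-m limit` bucket and through per-source `hashlimit` buckets, to show why only the second rule set meets the "per IP" requirement. The addresses, the traffic pattern and the burst of 5 for the hashlimit rule (the answer sets no `--hashlimit-burst`) are assumptions.

```python
import ipaddress

COST = 1_000_000          # credits one packet costs; time is integer microseconds
NOISY, QUIET = "198.51.100.7", "203.0.113.20"   # constructed documentation addresses

class Bucket:
    """Simplified token bucket (a model, not the kernel's code)."""
    def __init__(self, rate, burst, now):
        self.rate, self.cap = rate, burst * COST
        self.credit, self.last = self.cap, now      # a new bucket starts full

    def allow(self, now):
        # rate packets/sec == rate credits per microsecond at COST credits/packet
        self.credit = min(self.cap, self.credit + (now - self.last) * self.rate)
        self.last = now
        if self.credit >= COST:
            self.credit -= COST
            return True
        return False

def bucket_key(src, srcmask):
    """Group sources by network prefix, as --hashlimit-srcmask does."""
    return str(ipaddress.ip_network(f"{src}/{srcmask}", strict=False))

def simulate(packets, rate, burst, srcmask=None):
    """packets: (time_us, src_ip) pairs. srcmask=None models `-m limit` (one
    shared bucket); an integer models `-m hashlimit --hashlimit-mode srcip`.
    Returns {src_ip: packets accepted}."""
    buckets, accepted = {}, {}
    for now, src in sorted(packets):
        key = "all" if srcmask is None else bucket_key(src, srcmask)
        if key not in buckets:
            buckets[key] = Bucket(rate, burst, now)
        accepted[src] = accepted.get(src, 0) + buckets[key].allow(now)
    return accepted

def sample_traffic():
    """Constructed input: one second of UDP packets to port 8911."""
    noisy = [(i * 200, NOISY) for i in range(5000)]            # 5000 pps
    quiet = [(i * 10_000 + 100, QUIET) for i in range(100)]    # 100 pps
    return noisy + quiet

if __name__ == "__main__":
    print("limit    :", simulate(sample_traffic(), 500, 500))
    print("hashlimit:", simulate(sample_traffic(), 500, 5, srcmask=32))
```

In this run the shared bucket passes only 11 of the quiet source's 100 packets because the noisy source drains it, while the per-source buckets pass all 100 and hold the noisy source to 504.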
