Hi,

I'm not an expert in netfilter & new to this mailing-list also :) but I had come across a situation to defend against DDoS using iptables. I used the recent module: "if one host creates more than 20 sessions during 100 seconds, drop the packet."

    iptables -I FORWARD -p tcp --dport 80 -i bridge0 -m state --state NEW -m recent --set
    iptables -I FORWARD -p tcp --dport 80 -i bridge0 -m state --state NEW -m recent --update --seconds 100 --hitcount 20 -j DROP

Source code: http://www.il.is.s.u-tokyo.ac.jp/lxr-xp/source/net/netfilter/xt_recent.c (other netfilter code is also available there)

The hit file is saved here: /proc/net/xt_recent/DEFAULT

I hope this will help you.

Regards,
Gobinath.

On Tue, Oct 13, 2009 at 10:47 PM, Balaji Venkatamohan <bvenkat@xxxxxxxx> wrote:
> Hi,
>
> I want to know how the limit match works. When we are trying to restrict
> the number of packets sent by a particular IP to, say, 3 / hour, we use an
> iptables rule like
>
> iptables -A INPUT -s 127.0.0.1 -m limit --limit-burst 5
>
> I want to know how and where the count is stored. Are they checked for
> previous entries using the netfilter log? Also, can you please tell me the .c
> file in the netfilter source code which deals with handling various match
> and target extensions. If you can send me a link to any tutorial that
> deals with Linux network programming then that will be great.
>
> Thanks and Regards,
> Balaji
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
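The thread asks where the counters behind the recent and limit matches live. Neither is derived from the netfilter log: xt_recent keeps a per-address list of hit timestamps in a kernel table (exposed read-only via /proc/net/xt_recent/<name>), and xt_limit keeps a single token bucket in each rule's private data, so a plain `-m limit` rule counts all packets the rule sees, not packets per source. The following is an added user-space model of both mechanisms, written for this reply and not code from the kernel or from either poster; it uses plain integer seconds instead of jiffies, the two rules from Gobinath's post (checked in chain order, where the second `-I` landed on top) and the 3/hour, burst 5 parameters from Balaji's question. Addresses and timings are constructed for the demonstration.

```python
"""Model of the xt_recent sliding window and the xt_limit token bucket.
Constructed example, not kernel code; time is an integer in seconds."""
from collections import defaultdict, deque
from fractions import Fraction


class RecentTable:
    """One xt_recent table: source address -> deque of hit timestamps.
    The kernel caps stamps per address at the module parameter
    ip_pkt_list_tot (default 20), which is why --hitcount cannot exceed it."""

    def __init__(self, max_stamps=20):
        self.max_stamps = max_stamps
        self.entries = defaultdict(deque)

    def set(self, src, now):
        """--set: add src (or refresh it) with the current time."""
        stamps = self.entries[src]
        stamps.append(now)
        while len(stamps) > self.max_stamps:
            stamps.popleft()          # oldest stamp is evicted

    def update(self, src, now, seconds, hitcount):
        """--update --seconds S --hitcount N: matches only if src is already
        listed and at least N of its existing stamps fall within the last S
        seconds; on a match the entry is refreshed with the current time."""
        if src not in self.entries:
            return False
        hits = sum(1 for t in self.entries[src] if now - t <= seconds)
        if hits >= hitcount:
            self.set(src, now)
            return True
        return False


def process_new_connection(table, src, now, seconds=100, hitcount=20):
    """Run the two FORWARD rules from the post in chain order:
    the --update/DROP rule first, then the --set rule."""
    if table.update(src, now, seconds, hitcount):
        return "DROP"
    table.set(src, now)
    return "ACCEPT"


def simulate_recent():
    """25 new connections one second apart from one constructed source,
    then one more after the 100 s window has expired."""
    table = RecentTable()
    verdicts = [process_new_connection(table, "10.0.0.1", t) for t in range(25)]
    verdicts.append(process_new_connection(table, "10.0.0.1", 150))
    return verdicts


class TokenBucket:
    """State of one xt_limit rule: credit refilled at `rate` tokens per
    second and capped at `burst`; one token is spent per matching packet.
    Fraction keeps the arithmetic exact."""

    def __init__(self, rate_per_sec, burst):
        self.rate = Fraction(rate_per_sec)
        self.burst = Fraction(burst)
        self.tokens = self.burst
        self.last = 0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def simulate_limit():
    """--limit 3/hour --limit-burst 5: six packets at once, then one an hour later."""
    bucket = TokenBucket(Fraction(3, 3600), 5)
    verdicts = [bucket.allow(0) for _ in range(6)]
    verdicts.append(bucket.allow(3600))
    return verdicts


if __name__ == "__main__":
    print("recent:", simulate_recent())
    print("limit: ", simulate_limit())
```

In the recent model the 21st connection from a source is the first one dropped, matching the "more than 20 sessions during 100 seconds" intent, and a different source address is counted separately. The token bucket model shows the other point: the limit match's credit is per rule, so per-source rate limiting needs either a `-s` selector in front of it (as in the quoted rule) or the hashlimit match, which keeps a bucket per address.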