Mikhail wrote:
I've placed this filter in the mangle table before I do my DNAT. I've also added the rule to clean up the recent list in case of an RST type of disconnect. It seems to me though that the script in this version has a flaw. Let's say someone creates 2 instances of the same application with the same source address and then closes one of them. I think this will effectively kill the MSSQL connection for the remaining instance. Is there any way to count RMI connections originated from the same source IP and then start dropping MSSQL requests only in case that count reaches 0?
Yes, you're right. What you could do is not look at FIN and RST packets, but use the timing feature of the recent module. Use a large timeout. So what you want is: if there has been activity from this IP address in the past X seconds on the RMI port, allow the MSSQL port.
Obviously that will not work if there has been no activity on the RMI port recently (or, in case you have a lot of connections, the connection got evicted by recent for a newer one). But if RMI activity always occurs shortly before opening a connection to MSSQL it should do the trick.
HTH, M4
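A rule set implementing the timing approach described in the reply, added here as an example and not posted by anyone in the thread. The ports (1099 for RMI, 1433 for MSSQL), the 600-second window, the list name and the mangle/PREROUTING placement are assumptions; set IPT=echo to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example: gate the MSSQL port on recent RMI activity from the same
# source address using xt_recent's timestamp check, with no FIN/RST clean-up
# rule, so closing one client does not cut off another from the same IP.
# Assumed values below; adjust to the real environment.
RMI_PORT=${RMI_PORT:-1099}     # assumed RMI registry port
MSSQL_PORT=${MSSQL_PORT:-1433} # assumed MSSQL port
WINDOW=${WINDOW:-600}          # seconds of RMI silence before MSSQL is refused
LIST=${LIST:-rmi_clients}      # name of the recent list
IPT=${IPT:-iptables}           # IPT=echo prints the rules instead of applying them

# Emit (or apply) the two rules. Both live in mangle PREROUTING so they run
# before the DNAT mentioned in the question.
rmi_gate_rules() {
    # Every packet to the RMI port adds or refreshes the source address's
    # timestamp in the list (--set updates an existing entry).
    $IPT -t mangle -A PREROUTING -p tcp --dport "$RMI_PORT" \
        -m recent --name "$LIST" --set
    # MSSQL packets are dropped unless this source touched RMI within WINDOW
    # seconds. The negated --rcheck does not refresh the timestamp, so only
    # real RMI traffic keeps the gate open.
    # Caveat from the reply: the list holds a bounded number of addresses
    # (xt_recent ip_list_tot, default 100); busy sites need it raised.
    $IPT -t mangle -A PREROUTING -p tcp --dport "$MSSQL_PORT" \
        -m recent --name "$LIST" ! --rcheck --seconds "$WINDOW" -j DROP
}

# Print the rules without touching the kernel, for review before applying.
rmi_gate_dry_run() {
    ( IPT=echo; rmi_gate_rules )
}
```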