Rate Limiting After a Threshold

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I'm new to IP Tables in general, but I've been able to whack away at the rules to get connlimit to do what I want. Now I'm trying to do something more sophisticated, but it doesn't seem to work.

My ultimate goal is to allow most Web users to access my site, but to slow down the abusers. So, for example, I want to let in the first 10 HTTP connections in, and then after that, limit that IP to only 20 connections per minute afterwards. (And then after a certain point, connlimit will block any additional connections by that IP.)

I'm using a vanilla 2.6.21.3 Linux kernel, but I can't figure out how to do it.

I think hashlimit is the key, but it really just doesn't want to work for me. For example, I've tried:

    iptables -A INPUT -p tcp --dport 23 -m hashlimit --hashlimit 1/hour
      --hashlimit-mode srcip --hashlimit-burst 1 --hashlimit-name test
      -j REJECT

but I can open up more than 1 telnet session in under a minute, let alone an hour.

I've read and re-read the hashlimit man page, tried various arguments that I've found on on the Web, all to now avail.

  Any and all suggestions are welcomed.

  Thanks.

						John

--
+-------------------------------------+-------------------------------------+
| John Jung (john.j.jung@xxxxxxxxxxx) |    Siemens Automation and Drives    |
|           Support Engineer          |           UGS PLM Software          |
|       Customer Support - GTAC       |     10824 Hope Street, MS: 1177     |
|       Operating Systems Group       |      Cypress, California 90630      |
+--------------------------- +1 (800) 955-0000 -----------------------------+



[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux