Re: rate limit by MAC

Thank you, Richard.
I didn't know about the MAC changing at each router.
My question makes no sense.
How to fight IP spoofing? =)

Richard Horton wrote:
2009/7/1 Самусенко Андрей <samusenko@xxxxxx>:
Hi!

Can iptables limit the rate by MAC? I think not.

What on Linux can do what I need?

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


You might be able to...

    iptables -A FORWARD -m mac --mac-source <<mac address>> -m limit --limit 100/s -j ACCEPT

would restrict the given mac address to 100 packets per second... but
depending on how many mac addresses you have it might be too much to
enter each rule...

The hashlimit might be better if you can use ip addresses instead of
mac addresses.

--
Richard Horton
Users are like a virus: Each causing a thousand tiny crises until the
host finally dies.
http://www.solstans.co.uk - Solstans Japanese Bobtails and Norwegian Forest Cats
http://www.pbase.com/arimus - My online photogallery


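The per-MAC rules and the hashlimit alternative discussed in this thread, as an added example that is not part of the original messages: a shell function that prints (does not run) the rules for a list of MAC addresses. The chain name MACLIMIT, the hashlimit name per_src and the sample MACs are assumptions made for illustration; each ACCEPT rule is paired with a DROP rule because the limit match only stops matching above the rate and does not drop anything by itself.

```shell
#!/bin/sh
# Added example: prints iptables commands, does not execute them.
# RATE, the chain name and the sample MAC list are constructed.
RATE="100/s"

# Succeeds only for six colon-separated hex octets.
is_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

# Reads one MAC per line on stdin; blank lines and #-comments are skipped.
# For each valid MAC: ACCEPT while under RATE, then DROP the excess.
# Note: the mac match sees only the source MAC of the last layer-2 hop,
# so it identifies hosts on the directly attached segment only.
gen_mac_limit_rules() {
    chain="${1:-MACLIMIT}"
    echo "iptables -N $chain"
    echo "iptables -A FORWARD -j $chain"
    while IFS= read -r line || [ -n "$line" ]; do
        mac=$(printf '%s' "$line" | sed 's/#.*//' | tr -d ' \t\r')
        [ -z "$mac" ] && continue
        if ! is_mac "$mac"; then
            echo "skipping invalid MAC: $mac" >&2
            continue
        fi
        echo "iptables -A $chain -m mac --mac-source $mac -m limit --limit $RATE -j ACCEPT"
        echo "iptables -A $chain -m mac --mac-source $mac -j DROP"
    done
}

# Alternative: a single hashlimit rule keyed on source IP, no per-host rules.
gen_hashlimit_rule() {
    echo "iptables -A FORWARD -m hashlimit --hashlimit-name per_src --hashlimit-mode srcip --hashlimit-above $RATE -j DROP"
}

# Constructed sample input: two valid MACs, a comment, one malformed entry.
SAMPLE_MACS='00:11:22:33:44:55
# printer
aa:bb:cc:dd:ee:ff
not-a-mac'

if [ "${1:-}" = "demo" ]; then
    printf '%s\n' "$SAMPLE_MACS" | gen_mac_limit_rules
    gen_hashlimit_rule
fi
```

Review the printed rules before piping them to a shell as root.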