Global logging limit

Hi,

I am trying to enforce a global logging limit on my rule set. I would like to be able to refer log entries to the causing rule too.

Here is what I am thinking of:


# shared chain: one limit bucket for all callers, mark the packets it lets through
-N LogLimit
-A LogLimit -m limit --limit 3333/sec --limit-burst 3000 -j MARK --set-mark $LOGGING_MARK
-A LogLimit -j RETURN

....

# per-rule chains: log only marked packets, tag the log line with the rule id
-A ruleid:7906::: -p tcp -m tcp --dport 21 -j LogLimit
-A ruleid:7906::: -m mark --mark $LOGGING_MARK -j NFLOG --nflog-group 2 --nflog-prefix "DROP by 7906"
-A ruleid:7906::: -j DROP

....

-A ruleid:7910::: -p tcp -m tcp --dport 389 -j LogLimit
-A ruleid:7910::: -m mark --mark $LOGGING_MARK -j NFLOG --nflog-group 2 --nflog-prefix "DROP by 7910"
-A ruleid:7910::: -j DROP


Would I be paying a lot in terms of performance by sending all dropped packets to the LogLimit chain? I am using ulogd2, would it be better to put the limit in ulogd2?

Regards,

  -salih
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
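The design sketched in the post above, written out as a small generator that emits an iptables-restore fragment. This is an added example, not code from the original post or from the netfilter project: it assumes that mark bit 0x1 (masked with 0x1 via --set-xmark, so any other mark bits on the packet are left alone) is free for this purpose, that ulogd2 listens on nflog group 2, and that the rule id to port mapping (7906 -> 21, 7910 -> 389) is the one from the post. One limit rule in the shared LogLimit chain is one token bucket, so the 3333/sec limit is global across every chain that jumps to it; the mark match in each per-rule chain then decides whether to log, and the prefix carries the rule id.

```shell
#!/bin/sh
# Added example: build a rate-limited logging fragment for iptables-restore.
# Assumed, not from the post: mark 0x1/0x1 is unused elsewhere, nflog group 2.

LOGGING_MARK="${LOGGING_MARK:-0x1/0x1}"   # value/mask form keeps other mark bits intact

# emit_rule_chain ID PORT: one per-rule chain that logs (if marked) and drops.
emit_rule_chain() {
    id="$1"
    port="$2"
    printf '%s\n' ":ruleid:${id}::: - [0:0]"
    printf '%s\n' "-A ruleid:${id}::: -p tcp -m tcp --dport ${port} -j LogLimit"
    printf '%s\n' "-A ruleid:${id}::: -m mark --mark ${LOGGING_MARK} -j NFLOG --nflog-group 2 --nflog-prefix \"DROP by ${id}\""
    printf '%s\n' "-A ruleid:${id}::: -j DROP"
}

# build_ruleset: the whole filter-table fragment; the single limit rule in
# LogLimit is the global bucket shared by every chain that jumps to it.
build_ruleset() {
    printf '%s\n' "*filter"
    printf '%s\n' ":LogLimit - [0:0]"
    printf '%s\n' "-A LogLimit -m limit --limit 3333/sec --limit-burst 3000 -j MARK --set-xmark ${LOGGING_MARK}"
    printf '%s\n' "-A LogLimit -j RETURN"
    emit_rule_chain 7906 21
    emit_rule_chain 7910 389
    printf '%s\n' "COMMIT"
}

# count_rules: number of -A lines produced (2 shared + 3 per rule chain).
count_rules() {
    build_ruleset | grep -c '^-A'
}

# Apply only when explicitly asked (needs root); -n keeps existing rules.
if [ "${1:-}" = "--apply" ]; then
    build_ruleset | iptables-restore -n
fi
```

Run it with no arguments to print the fragment, or `./loglimit.sh --apply` as root to load it without flushing existing chains. The mark is set by the MARK target, not a match, and tested with `-m mark`; the limit match is per rule, which is exactly what makes a single shared chain a global cap rather than a per-caller one.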

