Re: Using iptables for throttling SMTP traffic

Hi Alex!

I've set up a few basic rules to throttle SMTP traffic from an
individual host should they make more than 10 connections in ten
seconds:

iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 10 --hitcount 10 -j LOG
iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 10 --hitcount 10 -j DROP

Is this the correct way to do this? I notice the seconds value can't
be any greater than 20. What is the reason for this? I'd like to do
something like permit up to 100 messages/connections over any
60-second period. Is this possible?

It is possible, but I don't know if your kernel supports it.

You can do:
# rmmod ipt_recent
# modprobe ipt_recent ip_pkt_list_tot=100

If you get the info that ipt_recent can't be removed because it's in use you must remove all 'recent' rules in your firewall table first. Then try it again.

But be careful!!!!!!!
I had set the values too high. At first everything worked fine. There was no error message when I did:
# iptables -A INPUT -p udp --dport 5060 -m recent --name DENIAL_OF_SERVICE --update --rttl --seconds 1 --hitcount 10 -j DROP
# iptables -A INPUT -p udp --dport 5060 -m recent --name DENIAL_OF_SERVICE --update --rttl --seconds 100 --hitcount 200 -j DROP
# iptables -A INPUT -p udp --dport 5060 -m recent --name DENIAL_OF_SERVICE --set -j ACCEPT
and
# /sbin/iptables -L --line-numbers -v -n
also showed that this was installed.
Then I rebooted the server and ... nothing. I wasn't able to get in contact with my server again!!!!!!!!! I had to access the hard disk by booting from another system to set it back to the default values. Then it worked again, but only with the default max of --hitcount 20 :-(

Regards

Detlef Pilzecker
Weitlahnerstraße 8
D - 83209 Prien am Chiemsee
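The following is an added example, not code from either poster. It is a toy model of the 'recent' match as described in this thread: each source address keeps a ring of at most ip_pkt_list_tot timestamps, --set appends the current time, and --update --seconds S --hitcount H matches when at least H stored timestamps fall inside the last S seconds. Running the posted 10-in-10-seconds rules and the wished-for 100-in-60-seconds rules through it shows two things a practitioner would want to check before deploying: why a --hitcount larger than the ring size can never fire with the default list of 20, and why the rule order that three `-I` inserts produce (last inserted on top, so DROP sits above LOG) means the LOG rule is never reached. The source address, connection timings and the `simulate`/`summarize` helpers are constructed for this example. My reading of later xt_recent sources is that they size the per-address history from the rule's own --hitcount, so the cap discussed here belongs to the older ipt_recent; the model keeps a fixed ring to show why the cap existed.

```python
"""Toy model of the netfilter 'recent' match (ipt_recent / xt_recent).

Added example, not code from the thread. Each source address keeps a ring of
at most pkt_list_tot timestamps (the module's ip_pkt_list_tot). A --set rule
appends the current time; an --update --seconds S --hitcount H rule matches
when at least H stored timestamps fall within the last S seconds and, on a
match, appends the current time as well. Because the ring never holds more
than pkt_list_tot stamps, a --hitcount above pkt_list_tot can never match.
"""
from collections import deque

SRC = "192.0.2.10"  # constructed sample source address (RFC 5737 test range)


class RecentList:
    """One 'recent' table (one --name), keyed by source address."""

    def __init__(self, pkt_list_tot=20):
        self.pkt_list_tot = pkt_list_tot
        self.entries = {}  # ip -> deque of timestamps, oldest first

    def set(self, ip, now):
        """--set: record the address and the current time."""
        stamps = self.entries.setdefault(ip, deque(maxlen=self.pkt_list_tot))
        stamps.append(now)

    def update(self, ip, now, seconds, hitcount):
        """--update --seconds --hitcount: match, and refresh the entry on a hit."""
        stamps = self.entries.get(ip)
        if stamps is None:
            return False  # address was never --set: no match
        hits = sum(1 for t in stamps if now - t <= seconds)
        if hits >= hitcount:
            stamps.append(now)  # --update refreshes the entry only when it matches
            return True
        return False


def simulate(connection_times, seconds, hitcount, pkt_list_tot=20,
             log_before_drop=False):
    """Run one source's connection attempts through a three-rule chain.

    Rule order mirrors what three `-I INPUT` inserts produce (the last one
    inserted ends up on top): DROP(update) -> LOG(update) -> ACCEPT via --set.
    With log_before_drop=True the LOG rule is evaluated before DROP instead.
    Returns (verdicts, logged): a list of 'ACCEPT'/'DROP' per connection and
    the number of connections the LOG rule actually saw.
    """
    table = RecentList(pkt_list_tot)
    order = ["LOG", "DROP"] if log_before_drop else ["DROP", "LOG"]
    verdicts, logged = [], 0
    for now in connection_times:
        verdict = "ACCEPT"
        for target in order:
            if not table.update(SRC, now, seconds, hitcount):
                continue
            if target == "DROP":
                verdict = "DROP"
                break
            logged += 1  # LOG is non-terminating; evaluation continues
        if verdict == "ACCEPT":
            table.set(SRC, now)  # the --set rule is reached only if not dropped
        verdicts.append(verdict)
    return verdicts, logged


def summarize(verdicts):
    """Count verdicts for a quick comparison between rule sets."""
    return {"accepted": verdicts.count("ACCEPT"), "dropped": verdicts.count("DROP")}


if __name__ == "__main__":
    # Constructed traffic: 15 connections one second apart against a 10-in-10s limit
    burst = [float(k) for k in range(15)]
    v, logged = simulate(burst, seconds=10, hitcount=10)
    print("10/10s, DROP above LOG:", summarize(v), "logged:", logged)
    v, logged = simulate(burst, seconds=10, hitcount=10, log_before_drop=True)
    print("10/10s, LOG above DROP:", summarize(v), "logged:", logged)

    # Constructed traffic: 200 connections at 5/s, all inside one 60 s window
    flood = [k * 0.2 for k in range(200)]
    v, _ = simulate(flood, seconds=60, hitcount=100, pkt_list_tot=20)
    print("100/60s with the default list of 20:", summarize(v))
    v, _ = simulate(flood, seconds=60, hitcount=100, pkt_list_tot=100)
    print("100/60s with ip_pkt_list_tot=100:", summarize(v))
```

With the default ring of 20 the 100-in-60-seconds rule accepts every one of the 200 connections, because the match can count at most 20 stamps; with the ring raised to 100 it drops everything from the 101st connection on. The burst run also shows that with DROP above LOG nothing is ever logged, whereas swapping the two rules logs each dropped connection once.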

