One short question, do you mean clients that send you 2 or more SYN packets in the same session?
Or just send ANY 2 packets in the same "session", or even "worse" 2 times whatever the packet type?

Best regards
André Paulsberg-Csibi
Senior Network Engineer
Fault Handling
EVRY Nordic Operations AS
andre.paulsberg-csibi@xxxxxxxx
M +47 9070 5988

-----Original Message-----
From: netfilter-owner@xxxxxxxxxxxxxxx [mailto:netfilter-owner@xxxxxxxxxxxxxxx] On Behalf Of Jeff
Sent: 26. august 2015 14:22
To: netfilter@xxxxxxxxxxxxxxx
Subject: Accept clients that were seen at least twice only

Hello everybody,

I am looking for a way to accept traffic from clients only if they were seen at least twice. This shall be part of a firewall concept which protects the target from random floods where source IPs are usually only seen once since they are random.

I cannot use the --state ESTABLISHED here because this requires a complete handshake (for TCP). I'm okay with the first packet not matching this rule as long as the 2nd one does.

I'm looking forward to reading your ideas!

Best,
Jeff