Thomas Luening <toml@xxxxxxx> wrote:
> These are my Test-Rules how to understand "meter"... in a local
> simulation against synflag-flooding. Regular Traffic will be
> accepted, an irregular amount of packets will be dropped.
> As you can see, for all irregular Packets (forced by me)
> the SADDR is temporarily stored in the table "synflg-meter".
>
> How can I use those entries to block the IP completely
> until the timer is off. Is that even possible?

Yes, but not with meters. Something like this might work:

table ip tfilter {
	set synflood {
		type ipv4_addr
		flags timeout
		timeout 15s
		gc-interval 10s
		size 100000
	}

	chain input {
		type filter hook input priority 0; policy accept;

		ct state established,related accept
		# sources currently in the set are dropped until their entry times out
		ip saddr @synflood drop
		# SYNs within the rate limit are accepted
		tcp flags syn limit rate 1/second burst 3 packets accept
		# SYNs over the limit: remember the source, then reject
		tcp flags syn set add ip saddr @synflood reject with tcp reset
	}
}
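
The rule order in the reply, traced in a simplified Python model (an added example, not part of the original post). The token bucket only approximates nft's `limit` and is not the kernel's exact accounting; the addresses and timings are constructed. The trace shows that the `limit` bucket is shared by all sources, so a SYN from another host that arrives while the bucket is empty is also added to `synflood`.

```python
"""Simplified model of the input chain above; not kernel-exact (assumption)."""
from dataclasses import dataclass, field

TIMEOUT = 15.0  # "timeout 15s" on the synflood set
RATE = 1.0      # "limit rate 1/second"
BURST = 3       # "burst 3 packets"


@dataclass
class InputChain:
    tokens: float = BURST
    last: float = 0.0
    synflood: dict = field(default_factory=dict)  # saddr -> expiry time

    def syn(self, now, saddr):
        """Verdict for a new SYN from saddr at time now (seconds)."""
        # ip saddr @synflood drop  (an expired element no longer matches)
        if self.synflood.get(saddr, 0.0) > now:
            return "drop"
        # limit rate 1/second burst 3 packets accept
        # One bucket for the whole rule, shared by every source address.
        self.tokens = min(BURST, self.tokens + (now - self.last) * RATE)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return "accept"
        # set add ip saddr @synflood reject with tcp reset
        self.synflood[saddr] = now + TIMEOUT
        return "reject"


# Constructed trace: 198.51.100.7 sends a burst, 192.0.2.10 is a normal client.
TRACE = [
    (0.0, "198.51.100.7"), (0.1, "198.51.100.7"), (0.2, "198.51.100.7"),
    (0.3, "198.51.100.7"),   # bucket empty: source is added to the set
    (0.4, "198.51.100.7"),   # now matched by the set lookup
    (0.5, "192.0.2.10"),     # bucket still empty: this client is added too
    (2.0, "192.0.2.10"),
    (16.0, "198.51.100.7"),  # entry from t=0.3 expired at t=15.3
]


def run(trace):
    chain = InputChain()
    return [chain.syn(t, ip) for t, ip in trace]


if __name__ == "__main__":
    for (t, ip), verdict in zip(TRACE, run(TRACE)):
        print(f"{t:5.1f}s {ip:14} {verdict}")
```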