IPtables rate limiting question

Hello, I'm trying to implement rate limiting for my machine using
iptables. The use case is to do two things:

1) block traffic from the same IP+port combination for 15 minutes if
it gets more than 10 hits per minute.

2) block traffic from the same IP for 30 minutes if it gets more than
80 hits per minute.

For this I'm currently using these rules:

1) -A PREROUTING -p tcp -m tcp -m state --state NEW \
       -m hashlimit --hashlimit-above 10/minute --hashlimit-burst 10 \
       --hashlimit-mode srcip,dstport --hashlimit-name test10 \
       --hashlimit-htable-expire 900000 -j ACCEPT

2) -A PREROUTING -p tcp -m tcp -m state --state NEW \
       -m hashlimit --hashlimit-above 80/minute --hashlimit-burst 80 \
       --hashlimit-mode srcip --hashlimit-name test80 \
       --hashlimit-htable-expire 1800000 -j ACCEPT

But it's not quite working: as soon as it gets on the list, if you get
another hit the timer gets reset to the default expire time, and it
gets blocked on the first try even after the expire. So are there
any suggestions on how to achieve the use case, or what I'm doing
wrong?

Thank you,
Francisco
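The two-stage pattern the question is after (count with hashlimit, then ban for a fixed time) is easier to get right if detection and the ban are kept in separate objects. The following script is an added example for this thread, not part of the original post or of any netfilter project code. It uses hashlimit only to detect the threshold and an ipset with a timeout to hold the ban, so the ban length is the set's timeout rather than `--hashlimit-htable-expire` (which only controls how long an idle bucket entry is kept; the bucket itself refills at the configured rate, so it never acts as a 15 minute ban). It assumes a Linux host with iptables, ipset and the xt_hashlimit and xt_set modules, rules placed in the filter table's INPUT chain rather than PREROUTING, and root to apply; the set and hashlimit names are arbitrary choices.

```shell
#!/bin/sh
# Two-stage rate limiting: hashlimit detects, an ipset with timeout bans.
# Added example for this thread (not from the original post). Assumes
# iptables + ipset on a Linux host, applied to the filter/INPUT chain.
# IPT and IPSET can be set to "echo" to dry-run without root.
IPT=${IPT:-iptables}
IPSET=${IPSET:-ipset}

BAN_IPPORT=900   # 15 minutes: same source IP + destination port above 10/min
BAN_IP=1800      # 30 minutes: same source IP above 80/min

create_sets() {
    # Entries added to these sets disappear after the timeout. "-exist"
    # only makes re-running the script idempotent (no error if set exists).
    $IPSET create ban_ipport hash:ip,port timeout "$BAN_IPPORT" -exist
    $IPSET create ban_ip hash:ip timeout "$BAN_IP" -exist
}

rate_limit_rules() {
    # 1. Detection. hashlimit keeps a token bucket per key; --hashlimit-above
    #    matches once the bucket is empty. The matching packet's key is
    #    added to the ban set. The SET target has no --exist flag here, so
    #    re-adding an already banned key does NOT reset its timeout; that
    #    is what keeps the ban at exactly BAN_* seconds from the first hit.
    $IPT -A INPUT -p tcp -m conntrack --ctstate NEW \
        -m hashlimit --hashlimit-name per_ip --hashlimit-mode srcip \
        --hashlimit-above 80/minute --hashlimit-burst 80 \
        -j SET --add-set ban_ip src
    $IPT -A INPUT -p tcp -m conntrack --ctstate NEW \
        -m hashlimit --hashlimit-name per_ipport --hashlimit-mode srcip,dstport \
        --hashlimit-above 10/minute --hashlimit-burst 10 \
        -j SET --add-set ban_ipport src,dst

    # 2. Enforcement. SET is non-terminating, so the packet that triggered
    #    the ban reaches these rules and is dropped along with everything
    #    that follows while the entry lives. Matching a set never touches
    #    the entry's timeout, so repeated hits do not extend the ban.
    $IPT -A INPUT -p tcp -m set --match-set ban_ip src -j DROP
    $IPT -A INPUT -p tcp -m set --match-set ban_ipport src,dst -j DROP
    # Traffic below both thresholds falls through to the existing policy.
}

# Apply only when explicitly asked: ./ratelimit.sh apply (as root)
if [ "${1:-}" = "apply" ]; then
    create_sets
    rate_limit_rules
fi
```

Run with `apply` as root to install; run with `IPT=echo IPSET=echo` to see the generated commands first. If the ban should instead be extended on every new hit during the ban, add `--exist` to the `-j SET` rules; that is the timer-reset behaviour described in the question, so leave it off for a fixed-length ban. Note that ipset timeouts are whole seconds, and that `--hashlimit-burst` is the number of new connections a fresh key may open before the rate starts to apply, so `burst 10` at `10/minute` lets the first 10 through and then one every 6 seconds until the key is banned.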



