- Subject: iptable rate limit challenge.. help please..!
- From: José Pablo Pérez <josepablo@xxxxxxxxxxxx>
- Date: Thu, 07 Jun 2012 15:40:38 -0600
- User-agent: Internet Messaging Program (IMP) H3 (4.1.4)
I have CentOS and iptables with the GeoIP module enabled.
So far I have this rule working, which works perfectly:
iptables -I INPUT -m geoip --src-cc GB -j DROP;
But I need to make it more complex.
Before dropping traffic I need to:
- allow up to a connection limit of 50 for the entire country.
- allow up to 30 requests/second to the entire country.
- drop the particular IPs with -m recent and a timeout of 3800 for those
  IPs from that country that violated that limit.
- and finally log whatever has been dropped, with excessive logging protection.
A plus: if I can get to DROP the entire class C (/24) of the
offending IP that violated the limits instead of just the /32.
My idea is to get a working example so that I can apply it to other
countries or groups of countries based on my traffic.
Guys, an example of this is much appreciated!!
Regards,
Joseph
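
One way to express the requirements listed in the post, as an added example that is not part of the original message: a shell function that prints the rules for one country code so they can be reviewed before loading. It assumes "requests" means new TCP connections (SYN packets); the chain, list and log-prefix names, the logging rate, and the function itself are made up for this sketch.

```shell
#!/bin/sh
# Added example: prints (does not execute) the iptables rules for one country.
# Assumptions: "requests" = new TCP connections; names below are illustrative.
geo_limit_rules() {
    cc=$1
    case $cc in
        [A-Z][A-Z]) ;;
        *) echo "usage: geo_limit_rules CC [netmask]" >&2; return 1 ;;
    esac
    chk="GEO_$cc"; drop="GEO_${cc}_DROP"; list="geo_$cc"
    # Optional 2nd argument (e.g. 255.255.255.0) bans the whole /24; it needs
    # an xt_recent build that supports --mask, so it is omitted by default.
    recent="-m recent --name $list${2:+ --mask $2}"
    cat <<EOF
iptables -N $chk
iptables -N $drop
iptables -I INPUT -m geoip --src-cc $cc -j $chk
iptables -A $chk $recent --rcheck --seconds 3800 -j $drop
iptables -A $chk -p tcp --syn -m connlimit --connlimit-above 50 --connlimit-mask 0 $recent --set -j $drop
iptables -A $chk -p tcp --syn -m limit --limit 30/second --limit-burst 30 -j RETURN
iptables -A $chk -p tcp --syn $recent --set -j $drop
iptables -A $drop -m limit --limit 6/minute --limit-burst 10 -j LOG --log-prefix "geo-$cc drop: "
iptables -A $drop -j DROP
EOF
    # Rule by rule:
    #  1. sources already on the list are dropped until 3800 s after the
    #     violation (--rcheck does not refresh the timestamp);
    #  2. --connlimit-mask 0 puts every source in one bucket, and only
    #     packets of this country reach the chain, so 50 is country-wide;
    #  3. -m limit is a single token bucket, so 30/second is country-wide;
    #  4. a SYN that got past neither check is recorded with --set and dropped;
    #  5. everything else falls off the end of the chain back into INPUT.
}

geo_limit_rules GB
```

Review the output, then pipe it to `sh` as root. xt_recent keeps 100 addresses per list unless the module is loaded with a larger `ip_list_tot`.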