Jason Bratton wrote:
> Steven Stromer wrote:
>> I want to rate limit queries to mitigate threat of Polyakov-styled
>> attack, but I can't find anything on iptables rate limiting based on
>> bits, bytes, or Mb / time (as opposed to packets/time). I looked
>
> Not to sound like I'm advocating this approach, because I'm not, but you
> would want to check out the limit and recent modules. If you have them
> loaded or compiled in, just run iptables -m limit --help and iptables -m
> recent --help. You probably want recent since it will let you do this
> per IP.

Sorry, I completely missed the part about wanting the size of the packets and not a per packet count. I don't think it's possible with iptables, but I may be mistaken.

--
Jason
