Hi Jo,

I need to add a flood protection feature to the firewall.

The ratelimit section parameters would be: proto, src_port, dest_port, family, global_limit, global_burst, per_srcip_limit, per_srcip_burst, per_srcip_mask, per_srcip_buckets.

These rules will have effect on a raw table user chain called ratelimits, linked with the PREROUTING chain and populated with rules such as these:

  iptables -t raw -A ratelimits -p ... -m hashlimit --hashlimit-mode srcip --hashlimit-name <name derived from section name> --hashlimit-above <per_srcip_limit>/second --hashlimit-burst <per_srcip_burst> --hashlimit-htable-size <per_srcip_buckets> -j DROP
  iptables -t raw -A ratelimits -p ... -m limit --limit <global_limit>/second --limit-burst <global_burst> -j RETURN
  iptables -t raw -A ratelimits -p ... -j DROP

Would you be interested in such a feature? If the answer is yes I will prepare a firewall patch, otherwise I will have to implement it in the form of a firewall script.

Cheers,
Alin

_______________________________________________
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
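
The rule ordering proposed in the message above, as an added example that is not part of the original message or of the firewall code: a simplified token-bucket model of the three rules, run over constructed traffic. The limit values, the documentation-range addresses and all class and function names are assumptions, and the hash table size (per_srcip_buckets) is not modelled.

```python
import ipaddress
from collections import Counter, defaultdict

class TokenBucket:
    """Starts full; refills at `rate` tokens/second up to `burst`."""
    def __init__(self, rate, burst):
        self.rate, self.burst, self.tokens, self.last = rate, burst, float(burst), 0.0

    def take(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False

class RatelimitChain:
    """Simplified model of the three rules in the proposed 'ratelimits' chain."""
    def __init__(self, per_srcip_limit, per_srcip_burst, global_limit,
                 global_burst, per_srcip_mask=32):
        self.mask = per_srcip_mask
        self.per_src = defaultdict(lambda: TokenBucket(per_srcip_limit, per_srcip_burst))
        self.glob = TokenBucket(global_limit, global_burst)

    def verdict(self, src_ip, now):
        # per_srcip_mask groups sources by prefix before the per-source bucket lookup
        key = ipaddress.ip_network(f"{src_ip}/{self.mask}", strict=False)
        if not self.per_src[key].take(now):
            return "DROP per-srcip"   # rule 1: source is above its own limit
        if self.glob.take(now):
            return "RETURN"           # rule 2: still within the global limit
        return "DROP global"          # rule 3: final unconditional DROP

def simulate(chain, flows, seconds):
    """flows maps source IP -> packets/second; returns {src: Counter of verdicts}."""
    events = sorted((i / pps, src) for src, pps in flows.items()
                    for i in range(int(pps * seconds)))
    stats = defaultdict(Counter)
    for now, src in events:
        stats[src][chain.verdict(src, now)] += 1
    return stats

LIMITS = dict(per_srcip_limit=10, per_srcip_burst=20, global_limit=100, global_burst=100)
# Constructed traffic: one heavy source next to three quiet ones.
single = simulate(RatelimitChain(**LIMITS), {"203.0.113.9": 1000, "198.51.100.1": 5,
                                             "198.51.100.2": 5, "198.51.100.3": 5}, 2)
# Constructed traffic: 100 sources, each below the per-source limit.
spread = simulate(RatelimitChain(**LIMITS), {f"192.0.2.{i}": 5 for i in range(100)}, 2)

if __name__ == "__main__":
    print({src: dict(c) for src, c in single.items()})
    print(dict(sum(spread.values(), Counter())))
```

In the first run the heavy source is cut off by the per-source rule before it can use up the global budget, so the quiet sources are unaffected; in the second run no source exceeds its own limit and the global limit plus the final DROP is what caps the total.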