On 01/31/2014 10:25 AM, T wrote:
> On 2014-01-31 18:25, Scott Baker wrote:
> Hello!
>
> I use this. (That, as said earlier, was posted on this list.)
>
> iptables -A INPUT -i eth0 -p udp --dport 123 -m recent --name toomuchntp --set
> iptables -A INPUT -i eth0 -p udp --dport 123 -m recent --name toomuchntp --rcheck --seconds 50 --hitcount 10 -j DROP
> ip6tables -A INPUT -i tmbergTB -p udp --dport 123 -m recent --name toomuchntp --set
> ip6tables -A INPUT -i tmbergTB -p udp --dport 123 -m recent --name toomuchntp --rcheck --seconds 50 --hitcount 10 -j DROP
>
> That has generated this since I rebooted around 15 hours ago:
>
> 4770K  363M        udp  --  eth0      *  0.0.0.0/0  0.0.0.0/0  udp dpt:123 recent: SET name: toomuchntp side: source mask: 255.255.255.255
> 79762  6062K DROP  udp  --  eth0      *  0.0.0.0/0  0.0.0.0/0  udp dpt:123 recent: CHECK seconds: 50 hit_count: 10 name: toomuchntp side: source mask: 255.255.255.255
>
> 28276  2714K       udp      tmbergTB  *  ::/0       ::/0       udp dpt:123 recent: SET name: toomuchntp side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
>     0      0 DROP  udp      tmbergTB  *  ::/0       ::/0       udp dpt:123 recent: CHECK seconds: 50 hit_count: 10 name: toomuchntp side: source mask: ffff:ffff:ffff:ffff:ffff:ffff:ffff:ffff
I implemented something very similar less than 30 minutes ago and now I have this:

Chain INPUT (policy ACCEPT 23138 packets, 4692K bytes)
 pkts bytes target prot opt in   out source     destination
2786K  102M        udp  --  eth0 *   0.0.0.0/0  0.0.0.0/0   udp dpt:123 recent: SET name: NTPTRAFFIC side: source mask: 255.255.255.255
2745K   99M DROP   udp  --  eth0 *   0.0.0.0/0  0.0.0.0/0   udp dpt:123 recent: UPDATE seconds: 30 hit_count: 10 name: NTPTRAFFIC side: source mask: 255.255.255.255
40412 3075K ACCEPT udp  --  eth0 *   0.0.0.0/0  0.0.0.0/0   udp dpt:123

*2.7 million* blocked packets in less than 30 minutes!

-- 
Scott Baker - Canby Telcom
System Administrator - RHCE - 503.266.8253

_______________________________________________
pool mailing list
[email protected]
http://lists.ntp.org/listinfo/pool
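The two rule sets above share one idiom: a `--set` rule that records every NTP packet's source, followed by a `--rcheck` (T) or `--update` (Scott) rule that drops the packet once the source has reached the hit count inside the time window. The following Python model is an added example written for this page; it is not code from the thread, from iptables or from the kernel's xt_recent module. It replays constructed traffic (RFC 5737 documentation addresses, invented timestamps) through that rule pair so the per-source effect of the limit can be inspected offline. The per-address ring of 20 remembered timestamps is an assumption standing in for xt_recent's bounded packet list; the real list depth depends on kernel version and module parameters.

```python
"""Offline model of the `-m recent` rate-limit pair quoted in this thread.

Added example, not the thread's own commands or the kernel's xt_recent
code.  It replays constructed packet timestamps through
  rule 1: --set
  rule 2: --rcheck (or --update) --seconds S --hitcount N -j DROP
so the per-source effect of the limit can be inspected without iptables.
"""
from collections import deque

# Assumption: xt_recent remembers a bounded ring of timestamps per address;
# 20 is the historical ip_pkt_list_tot default and is enough for hitcount 10.
RING_SIZE = 20


class RecentTable:
    """One named `recent` list (the thread's 'toomuchntp' / 'NTPTRAFFIC')."""

    def __init__(self, name):
        self.name = name
        self.entries = {}   # source address -> deque of packet times (seconds)

    def set(self, src, now):
        """--set: list the source, or record another timestamp if listed."""
        self.entries.setdefault(src, deque(maxlen=RING_SIZE)).append(now)

    def rcheck(self, src, now, seconds, hitcount):
        """--rcheck --seconds S --hitcount N: true when the source has at
        least N remembered packets inside the last S seconds."""
        stamps = self.entries.get(src)
        if not stamps:
            return False
        hits = sum(1 for t in stamps if now - t <= seconds)
        return hits >= hitcount

    def update(self, src, now, seconds, hitcount):
        """--update: like --rcheck, but a match also records this packet."""
        matched = self.rcheck(src, now, seconds, hitcount)
        if matched:
            self.entries[src].append(now)
        return matched


def filter_ntp(packets, seconds=50, hitcount=10, mode="rcheck"):
    """Run (time, src) packets through the two-rule chain.

    Returns {src: (accepted, dropped)}.  Packets are processed in time
    order; rule 1 always fires (it is not a terminating target), then
    rule 2 decides DROP versus falling through to ACCEPT.
    """
    table = RecentTable("toomuchntp")
    check = table.update if mode == "update" else table.rcheck
    verdicts = {}
    for now, src in sorted(packets):
        table.set(src, now)
        accepted, dropped = verdicts.get(src, (0, 0))
        if check(src, now, seconds, hitcount):
            dropped += 1
        else:
            accepted += 1
        verdicts[src] = (accepted, dropped)
    return verdicts


# Constructed traffic using documentation addresses (RFC 5737), not real hosts.
SAMPLE_TRAFFIC = (
    # a normal ntpd client polling every 64 s for ten minutes
    [(64 * i, "198.51.100.7") for i in range(10)]
    # a flood source: 100 packets in one second
    + [(0.01 * i, "203.0.113.9") for i in range(100)]
    # twelve clients behind one NAT address, each polling once, 4 s apart
    + [(4 * i, "192.0.2.1") for i in range(12)]
)


if __name__ == "__main__":
    for src, (ok, drop) in sorted(filter_ntp(SAMPLE_TRAFFIC).items()):
        print(f"{src:14} accepted={ok:4} dropped={drop:4}")
```

Two things the model makes visible that the counters alone do not. First, because `--set` runs before the check, the current packet is already counted, so the tenth packet inside the window is the first one dropped; a client polling every 64 seconds (ntpd's default minimum poll interval) never accumulates more than one hit and is untouched, while the flood source keeps only its first nine packets. Second, the limit is per source address, so twelve ordinary clients behind one NAT gateway look like a single over-eager client and lose their last three polls of the cycle; when adding a rule like this, watch the DROP counter for addresses that are not floods. On this constructed traffic the `--rcheck` and `--update` variants produce the same verdicts, since `--set` already records every packet before the check runs.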
