I presume this is what you want to do:

$fw -A FLOOD -p tcp --syn --dport http -m iplimit --iplimit-above <nr-conexiuni> -j REJECT --reject-with host-unreach

Best regards,
Serghei Gutanu

On Fri, 17 Jun 2005, Remus Anca wrote:

> Date: Fri, 17 Jun 2005 17:54:19 +0300
> From: Remus Anca <[EMAIL PROTECTED]>
> Reply-To: [email protected]
> To: Serghei Gutanu <[email protected]>
> Subject: [rlug] Re: apache: limiting connections/IP
>
> Hello Serghei,
>
> Friday, June 17, 2005, 14:39:14, you wrote:
>
> SG> modprobe ipt_iplimit
> SG> iptables -m iplimit --iplimit-above <nr-conexiuni> -j REJECT --reject-with host-unreach
>
> OK, but does this refer to the number of actual connections, or to the
> number of simultaneous requests from the same IP? That is the question...
>
> Can I use it as below, and will it count only the SYNs? Or what does
> this ip-limit refer to?
>
> $fw -N FLOOD
> $fw -A FLOOD -p tcp -d 0/0 --dport 53 -j ACCEPT
> $fw -A FLOOD -m iplimit --iplimit-above <nr-conexiuni> -j REJECT --reject-with host-unreach
> $fw -A FLOOD -m limit --limit 1/second -j RETURN
> $fw -A FLOOD -j DROP
>
> $fw -P INPUT DROP
> ...
> $fw -A INPUT -p tcp --syn -j FLOOD
>
> ---
> Details about our mailing lists: http://www.lug.ro/
