On 5/27/11 6:33 AM, [email protected] wrote:
> I am trying to limit packets per second on the Internet interface
> (eth0) of my Shorewall server. I know that Shorewall does not support
> this directly so I need to add something in the started file. Can anyone
> point me in the right direction? I have tried a couple things but so far
> nothing has worked.
>
> /sbin/iptables -A OUTPUT -o eth0 -m limit --list 2000/sec -j ACCEPT

Any iptables solution is simply going to drop all packets in excess of
the limit.

I suggest this in 'start' (not 'started'):

    run_iptables -t mangle -A POSTROUTING -m limit --limit 2000/sec \
        -j ACCEPT
    run_iptables -t mangle -A POSTROUTING -j DROP

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
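
To see how much traffic the limit/DROP rule pair suggested above is actually discarding, the per-rule packet counters from `iptables-save -c` can be summarized. This is an added example, not part of the original message or of Shorewall; the function names and the sample counter values are constructed for illustration.

```shell
#!/bin/sh
# Added example: report how many packets the rate-limited ACCEPT rule passed
# and how many the following DROP rule discarded in mangle POSTROUTING.

# limit_drop_stats (hypothetical helper): reads `iptables-save -c -t mangle`
# text on stdin and prints "accepted=N dropped=M drop_pct=P".
limit_drop_stats() {
    awk '
        # Counter lines look like: [packets:bytes] -A CHAIN ... -j TARGET
        /^\[[0-9]+:[0-9]+\] -A POSTROUTING / {
            split(substr($1, 2), c, ":")       # c[1] = packet count
            pkts = c[1] + 0
            target = ""
            for (i = 2; i < NF; i++) if ($i == "-j") target = $(i + 1)
            # Count only the limit-matched ACCEPT and the unconditional DROP.
            if (target == "ACCEPT" && $0 ~ / -m limit /) accepted += pkts
            else if (target == "DROP" && $0 !~ / -m /)   dropped  += pkts
        }
        END {
            total = accepted + dropped
            pct = (total > 0) ? (100 * dropped / total) : 0
            printf "accepted=%.0f dropped=%.0f drop_pct=%.1f\n", accepted, dropped, pct
        }
    '
}

# Constructed sample output (not captured from a real host).
sample_counters() {
    cat <<'EOF'
*mangle
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
[1800000:1080000000] -A POSTROUTING -m limit --limit 2000/sec -j ACCEPT
[200000:120000000] -A POSTROUTING -j DROP
COMMIT
EOF
}

# On a live firewall (as root): iptables-save -c -t mangle | limit_drop_stats
sample_counters | limit_drop_stats
```

A steadily rising drop percentage means legitimate traffic is being discarded along with any excess, since the rules do not distinguish between flows.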
