Quote:
Originally Posted by rodm13
limit the connection rate so I don't get killed whenever I would otherwise act too much like a virus.
Do you mean limit the number of TCP/UDP connections you try to establish per unit time?
With Linux, you could use iptables' limit and state modules to DROP or REJECT packets that try to establish NEW connections faster than a certain rate:
Code:
#!/bin/sh
# Rate-limit outbound NEW connections (TCP and UDP) with the iptables "state" and
# "limit" matches. Set RATE to the connections/second allowed, BURST to the number
# of connections allowed in a burst without respect to the rate, and INET_IF to
# the interface for Internet access.
RATE=???
INET_IF=???
BURST=???
# Accept NEW connections while the limit match still has credit (a bucket of
# BURST tokens, refilled at RATE per second) ...
iptables -A OUTPUT -o "$INET_IF" -m state --state NEW -m limit --limit-burst "$BURST" --limit "${RATE}/second" -j ACCEPT
# ... and reject every NEW connection attempt that exceeds it.
# (On current kernels "-m conntrack --ctstate NEW" is the equivalent of "-m state --state NEW".)
iptables -A OUTPUT -o "$INET_IF" -m state --state NEW -j REJECT
(If you have other rules in the OUTPUT chain, you might need to break this logic into a separate user chain to prevent a conflict with the existing logic, in which case the first rule would RETURN instead of ACCEPT.)
But I would think the application(s) that tried to initiate these connections would probably react badly to this. And it would only work for Linux. BSD might have a similar capability, but I am not familiar with it.
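To see how --limit and --limit-burst interact before putting the two rules above on a real box, here is an added example (mine, not code from the post or from the iptables project) that models the limit match as a token bucket, which is what xt_limit implements with integer credits: the bucket holds BURST tokens, refills at RATE tokens per second, and each NEW packet that finds a whole token is ACCEPTed while the rest fall through to REJECT. The connection-attempt timestamps are constructed for the example, not captured traffic, and the scenario (20 attempts 1 ms apart, then one more 2 s later, under 3/second with burst 5) is an assumption chosen to show the burst draining.

```python
"""Token-bucket model of iptables' "-m limit" applied to the two-rule OUTPUT chain
(ACCEPT while under the limit, otherwise REJECT). Added example; assumes xt_limit
behaves as a token bucket of capacity BURST refilled at RATE tokens/second."""


class LimitMatch:
    """Model of `-m limit --limit RATE/second --limit-burst BURST`."""

    def __init__(self, rate, burst):
        self.rate = float(rate)        # average matches allowed per second
        self.burst = float(burst)      # bucket capacity: matches allowed back-to-back
        self.tokens = self.burst       # xt_limit starts with a full bucket
        self.last = 0.0                # time (s) of the previous packet seen

    def match(self, now):
        """True if a packet seen at time `now` (seconds) passes the limit match."""
        # Refill credit for the time elapsed since the last packet, capped at burst.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(attempt_times, rate, burst):
    """Run a list of NEW-connection attempt timestamps through the chain.

    Returns [(t, 'ACCEPT' | 'REJECT'), ...] in time order: ACCEPT comes from the
    first rule (limit match passed), REJECT from the second (everything else NEW)."""
    lm = LimitMatch(rate, burst)
    return [(t, "ACCEPT" if lm.match(t) else "REJECT") for t in sorted(attempt_times)]


def verdict_counts(results):
    """Tally the verdicts, like the packet counters in `iptables -L OUTPUT -v`."""
    counts = {"ACCEPT": 0, "REJECT": 0}
    for _, verdict in results:
        counts[verdict] += 1
    return counts


# Constructed scenario: an application opens 20 connections 1 ms apart (a
# scanner-like burst), then one more 2 s later.
BURST_ATTEMPTS = [i * 0.001 for i in range(20)] + [2.0]


if __name__ == "__main__":
    results = simulate(BURST_ATTEMPTS, rate=3, burst=5)
    for t, verdict in results:
        print(f"t={t:6.3f}s  {verdict}")
    # First 5 pass on burst credit, the next 15 are rejected (at 3/second the
    # bucket gains only 0.003 tokens per ms), and the one at 2 s passes again.
    print(verdict_counts(results))
```

Two things this makes visible that the rules alone do not: the burst is spent in the first few milliseconds, so a program that opens a batch of sockets at startup hits REJECT for the rest of the batch, and a steady trickle just under RATE never gets rejected at all. Tune BURST to the batch size your legitimate software actually uses, then watch the REJECT counter with `iptables -L OUTPUT -v -n` to confirm it stays at zero in normal use.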