LinuxQuestions.org
Old 10-27-2010, 09:05 AM   #1
tkmsr
Member
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798
iptables rate limiting for bridged connection (kvm created bridge)


I have a bridged network setup; ifconfig -a
gives the following output

Code:
br0       Link encap:Ethernet  HWaddr 00:26:b9:82:42:38  
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::226:b9ff:fe82:4238/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:150779 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25649 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:109293717 (109.2 MB)  TX bytes:13045804 (13.0 MB)

eth0      Link encap:Ethernet  HWaddr 00:26:b9:82:42:34  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:36 Memory:d6000000-d6012800 

eth1      Link encap:Ethernet  HWaddr 00:26:b9:82:42:36  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:48 Memory:d8000000-d8012800 

eth2      Link encap:Ethernet  HWaddr 00:26:b9:82:42:38  
          inet6 addr: fe80::226:b9ff:fe82:4238/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:153417 errors:0 dropped:0 overruns:0 frame:0
          TX packets:27103 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:106427544 (106.4 MB)  TX bytes:13644205 (13.6 MB)
          Interrupt:32 Memory:da000000-da012800 

eth3      Link encap:Ethernet  HWaddr 00:26:b9:82:42:3a  
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:42 Memory:dc000000-dc012800 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:426584 errors:0 dropped:0 overruns:0 frame:0
          TX packets:426584 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:106667150 (106.6 MB)  TX bytes:106667150 (106.6 MB)

vnet0     Link encap:Ethernet  HWaddr 12:7f:c9:1b:4b:55  
          inet6 addr: fe80::107f:c9ff:fe1b:4b55/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4796 errors:0 dropped:0 overruns:0 frame:0
          TX packets:124800 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:4919136 (4.9 MB)  TX bytes:102875453 (102.8 MB)

vnet1     Link encap:Ethernet  HWaddr 26:c0:8d:f2:14:29  
          inet6 addr: fe80::24c0:8dff:fef2:1429/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3868 errors:0 dropped:0 overruns:0 frame:0
          TX packets:126231 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:2911695 (2.9 MB)  TX bytes:102792920 (102.7 MB)

vnet2     Link encap:Ethernet  HWaddr 3e:0d:34:3e:24:3f  
          inet6 addr: fe80::3c0d:34ff:fe3e:243f/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:523 errors:0 dropped:0 overruns:0 frame:0
          TX packets:123086 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:144288 (144.2 KB)  TX bytes:102302055 (102.3 MB)

vnet3     Link encap:Ethernet  HWaddr 6e:13:93:c4:44:49  
          inet6 addr: fe80::6c13:93ff:fec4:4449/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:698 errors:0 dropped:0 overruns:0 frame:0
          TX packets:121930 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:90625 (90.6 KB)  TX bytes:102221778 (102.2 MB)
I am not sure of the following things

1) When rate-limiting incoming connections, which interface should I specify? The following rule definitely will not work:

Quote:
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 90 --hitcount 5 --name DEFAULT --rsource -j DROP
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
2) For setting up other iptables rules, if I do not specify the interface, will that work?
Something of the following sort:
Quote:
-A INPUT -s 218.38.18.159/32 -p tcp -m tcp --dport 22 -j DROP
3) What are these vmnet1, vmnet2, vmnet3, vmnet4 which I see above? I used kvm and virt-manager to create a bridged setup.

Last edited by tkmsr; 10-27-2010 at 09:10 AM.
 
Old 10-28-2010, 07:50 AM   #2
mrmnemo
Member
Registered: Aug 2009
Distribution: linux
Posts: 527
Hi

You might want to read this thread.

It appears that you can rate-limit either the bridge as a whole or specific bridged ports. Cool.

A quick quote from the thread:
Quote:
The Physdev packet matching matches against the physical bridge ports the IP packet arrived on or will leave by. Example:

iptables -A INPUT -p tcp --dport 22 -m physdev --physdev-in eth1 -j ACCEPT
Hope that helps out.
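A worked ruleset for the setup in the first post, added here as an example; it is not code from either poster. It assumes the topology visible in the ifconfig output (br0 holds the host address, eth2 is the enslaved port that carries the traffic, vnet0 to vnet3 are the VM tap ports) and keeps the 90-second / 5-hit window of the original rules; the list names SSH and SSH_WIRE and the sample address 203.0.113.5 are constructed. It shows the `-i br0` form that answers question 1, the physdev form from the reply above, and an interface-less source block as in question 2.

```shell
#!/bin/sh
# Added example, not from the thread. Topology assumed from the ifconfig
# output: br0 carries the host IP, eth2 is the enslaved physical port,
# vnet* are the VM tap ports. Window and hit count match the original rules.
BRIDGE=br0
PHYS_PORT=eth2
SSH_PORT=22
WINDOW=90
HITS=5

# Host-protection rules (INPUT chain). A packet addressed to the host over
# the bridge arrives on br0, never on eth0/eth2, so "-i br0" is the
# interface that actually matches. The recent-module pair works as in the
# original post: --set records the source address, --update/--hitcount
# drops it once too many NEW connections arrive inside the window.
ssh_ratelimit_input_rules() {
    printf '%s\n' \
      "-A INPUT -i $BRIDGE -p tcp --dport $SSH_PORT -m state --state NEW -m recent --set --name SSH --rsource" \
      "-A INPUT -i $BRIDGE -p tcp --dport $SSH_PORT -m state --state NEW -m recent --update --seconds $WINDOW --hitcount $HITS --name SSH --rsource -j DROP"
}

# Same check keyed on the physical bridge port (physdev match from the
# reply): limits connections coming in from the wire on eth2 only, so
# VM-to-host SSH over the vnet* ports is not counted.
ssh_ratelimit_physdev_rules() {
    printf '%s\n' \
      "-A INPUT -m physdev --physdev-in $PHYS_PORT -p tcp --dport $SSH_PORT -m state --state NEW -m recent --set --name SSH_WIRE --rsource" \
      "-A INPUT -m physdev --physdev-in $PHYS_PORT -p tcp --dport $SSH_PORT -m state --state NEW -m recent --update --seconds $WINDOW --hitcount $HITS --name SSH_WIRE --rsource -j DROP"
}

# Question 2: a rule with no -i matches on every interface, which is what
# a source-based block normally wants. $1 is the address or CIDR to drop.
block_source_rule() {
    printf '%s\n' "-A INPUT -s $1 -p tcp --dport $SSH_PORT -j DROP"
}

# Number of rules a generator emits; a quick sanity check before applying.
rule_count() {
    "$1" | wc -l | tr -d ' '
}

# Load the INPUT set only when running as root with iptables present;
# otherwise print the rules so they can be reviewed first.
apply_rules() {
    if [ "$(id -u)" -eq 0 ] && command -v iptables >/dev/null 2>&1; then
        ssh_ratelimit_input_rules | while read -r rule; do
            # word splitting of $rule into arguments is intended here
            iptables $rule
        done
    else
        echo "# dry run (not root or no iptables): would apply"
        ssh_ratelimit_input_rules
    fi
}

case "${1:-}" in
    apply) apply_rules ;;
    *) ssh_ratelimit_input_rules; ssh_ratelimit_physdev_rules; block_source_rule 203.0.113.5 ;;
esac
```

Run it with no argument to print all three rule sets for review, or as root with `apply` to load the INPUT pair. Two points the bridge host needs: in the output above eth0 has no address and zero packets while eth2 shares br0's MAC and carries the traffic, so the original `-i eth0` rule can never match; and packets that merely cross the bridge from the wire to a guest never reach INPUT at all. They traverse FORWARD, and only when the bridge-netfilter hook is enabled (`net.bridge.bridge-nf-call-iptables=1`), so a limit meant to protect the VMs has to be placed there, with `--physdev-in`/`--physdev-out` selecting the ports.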