Hi,
I'm trying to set up a firewall and am getting some unwanted behaviour.
I have two machines set up in VirtualBox:
M1 with IP 192.168.0.1
M2 with IP 192.168.0.2
I have ipset sets set up as follows on M1:
Code:
# IP & Ports blacklist
MAX_ELEMS=1024
HASH_SIZE=65535
ipset create bipp hash:ip,port maxelem $MAX_ELEMS hashsize $HASH_SIZE timeout 120
# IP & Port Whitelist
MAX_ELEMS=1024
HASH_SIZE=65535
ipset create wipp hash:ip,port maxelem $MAX_ELEMS hashsize $HASH_SIZE timeout 120
And in my iptables rules (also on M1, of course) I have set the following:
Code:
# UDP chain
iptables -N gen:non_tcp
# Max allowed throughput for known source
iptables -A gen:non_tcp -p udp \
-m set --match-set wipp src,dst \
-m limit --limit 25/sec --limit-burst 5 \
-j SET --add-set bipp src,dst
To test this, I add M2's IP, which is the source of the packets, as:
Code:
ipset add wipp 192.168.0.2,udp:53
(I checked the port number by sending a packet earlier.)
Now when I send one UDP packet from M2 using scapy, M1's IP gets added to the bipp set straight away. I was expecting that to happen only if I send 25 or more, but this does not seem to be the case. I also tried the hashlimit module with the same effect. Am I missing something?
iptables version: 1.4.14
ipset version: 6.12.1
Any help would be appreciated.
Regards,
Indyh
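The behaviour described in the post follows from how the `limit` match works: it is a token bucket that matches while the sender is still under the configured rate, so the very first packet (the bucket starts full, with `--limit-burst` tokens) matches and the `SET` target fires immediately. The simulation below is an added example, not part of the post or of iptables itself; it models the bucket with exact fractions (the kernel's xt_limit uses credits with jiffy granularity, so real timings differ slightly) and constructs packet timestamps in milliseconds. `limit_matches` reproduces the posted rule's semantics, while `above_matches` shows the inverse, "only once the rate is exceeded", which is what the `hashlimit` match provides via `--hashlimit-above` and what the poster appears to want.

```python
from fractions import Fraction


class TokenBucket:
    """Simplified model of the netfilter `limit` match.

    Assumption: a classic token bucket with `burst` tokens that starts full
    and refills at `rate` tokens per second. Times are integer milliseconds.
    """

    def __init__(self, rate_per_sec: int, burst: int) -> None:
        self.rate = Fraction(rate_per_sec)
        self.burst = Fraction(burst)
        self.tokens = Fraction(burst)  # bucket starts full: first packets match
        self.last_ms = 0

    def consume(self, now_ms: int) -> bool:
        """Refill for the elapsed time, then try to spend one token."""
        elapsed = Fraction(now_ms - self.last_ms, 1000)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last_ms = now_ms
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def limit_matches(packet_times_ms, rate=25, burst=5):
    """1-based indexes of packets that `-m limit --limit <rate>/sec
    --limit-burst <burst>` MATCHES, i.e. packets still within the allowance.
    With `-j SET --add-set ...` these are the packets that add an entry."""
    bucket = TokenBucket(rate, burst)
    return [i for i, t in enumerate(packet_times_ms, 1) if bucket.consume(t)]


def above_matches(packet_times_ms, rate=25, burst=5):
    """Inverse semantics (hashlimit `--hashlimit-above`): 1-based indexes of
    packets that EXCEED the allowance. Empty until the sender is over rate."""
    bucket = TokenBucket(rate, burst)
    return [i for i, t in enumerate(packet_times_ms, 1) if not bucket.consume(t)]


if __name__ == "__main__":
    # Constructed scenarios (not captured traffic).
    single = [0]                              # one packet, as in the post
    flood = [0] * 10                          # 10 packets in the same instant
    fast = [i * 10 for i in range(30)]        # 100 packets/sec for 300 ms

    print("one packet, limit matches:", limit_matches(single))   # [1]
    print("one packet, above matches:", above_matches(single))   # []
    print("10-packet burst, limit:", limit_matches(flood))       # [1..5]
    print("10-packet burst, above:", above_matches(flood))       # [6..10]
    print("100/sec stream, limit:", limit_matches(fast))
    print("100/sec stream, above:", above_matches(fast))
```

Running it shows the single-packet case matching on packet 1 under `limit`, exactly what the post observes, while the `above` variant stays empty until the burst allowance is spent and then fires on roughly three out of every four packets once the stream settles at four times the permitted rate.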