Linux - Networking: This forum is for any issue related to networks or networking. Routing, network cards, OSI, etc. Anything is fair game.
I want to test an application's ability to deal with randomly or systematically dropped packets. I'd like to intentionally drop a packet only on a specific port at various intervals... it could be based on time or count, I suppose.
I've been reading the netfilter docs, thinking iptables might provide what I'm looking for. Apparently -m limit doesn't take arguments; I get this message when trying the rule suggested.
Upon further review... it looks like there are a couple of optional arguments, --limit and --limit-burst. From reading the docs I don't really understand what these do, but I'll experiment with the --limit argument and see what happens.
The limit module is used to match only a certain amount of packets.
-m limit --limit 5 would match the first 5 packets, then ignore the rest.
This is usually used for logging purposes. For example, log the first 5 packets of a DoS attack, then ignore the rest, or maybe drop them to prevent the attack from succeeding.
That depends on what you set the limits at. Obviously it wouldn't make much sense to accept 5 packets and then drop the rest forever. The limit burst recharges over time to allow the packets back in, and if set low enough, like --limit 10/s (which would have a default --limit-burst of 5), the first 5 would match the rule, then only 1 every 6 sec would match. If nothing comes in within 6 sec then the --limit-burst is raised from 0 to 1, and so on every 6 sec.
So commands like:
iptables -A INPUT -j ACCEPT
iptables -A INPUT -i eth0 -m limit --limit 10/s -p tcp --dport 20000 -j DROP
Would drop the first 5 packets, and then drop 1 packet every 6 seconds, provided the packets are coming in at 10/second or more.
Please someone correct me if I am wrong about this.
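Added here as an illustration, not something posted in the thread: a Python model of the token bucket behind -m limit, so you can see which packets of a packet stream a DROP rule like the one above would actually match for a given --limit and --limit-burst. The rate units and the default burst of 5 follow iptables; the arrival times are constructed.

```python
from dataclasses import dataclass, field

# Period lengths in ms for the unit names iptables accepts after the slash (prefix match: "10/s" == "10/second").
_PERIODS_MS = {"second": 1_000, "minute": 60_000, "hour": 3_600_000, "day": 86_400_000}

def parse_rate(spec: str) -> int:
    """Turn a --limit value such as '10/minute' into the ms of credit one matched packet costs."""
    count, _, unit = spec.partition("/")
    unit = unit or "second"                      # iptables defaults to /second
    names = [u for u in _PERIODS_MS if u.startswith(unit)]
    if len(names) != 1 or int(count) <= 0:
        raise ValueError(f"bad --limit value: {spec!r}")
    return _PERIODS_MS[names[0]] // int(count)

@dataclass
class LimitMatch:
    """Token bucket shaped like xt_limit: credit grows by 1 per elapsed ms,
    is capped at burst * cost, and each match spends `cost` credit."""
    limit: str
    burst: int = 5                               # iptables default --limit-burst
    cost: int = field(init=False)
    cap: int = field(init=False)
    credit: int = field(init=False)
    last_ms: int = 0

    def __post_init__(self):
        self.cost = parse_rate(self.limit)
        self.cap = self.burst * self.cost
        self.credit = self.cap                   # bucket starts full: the first burst matches

    def matches(self, now_ms: int) -> bool:
        self.credit = min(self.credit + (now_ms - self.last_ms), self.cap)
        self.last_ms = now_ms
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True
        return False

def simulate(limit: str, arrivals_ms: list[int], burst: int = 5) -> list[int]:
    """Arrival times (ms) the rule matches, i.e. the packets a -j DROP rule with this -m limit would drop."""
    m = LimitMatch(limit, burst)
    return [t for t in arrivals_ms if m.matches(t)]

if __name__ == "__main__":
    stream = list(range(0, 20_000, 100))         # constructed: 10 packets/s for 20 s
    for rule in ("10/minute", "10/s"):
        hit = simulate(rule, stream)
        print(f"--limit {rule}: {len(hit)}/{len(stream)} matched, first {hit[:8]}")
```

Run as-is, the 10/minute rule admits the first 5 packets and then one every 6 s, while at 10/s the bucket refills as fast as a 10 packet/s stream drains it, so every packet matches.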