Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm currently having trouble trying to setup a rule on IPTables to rate-limit certain packets. I can't just use the normal limit mode on iptables as this has to be per dstip and dstport.
The rule looks like this:
Code:
iptables -A PREROUTING -t raw -p udp -m hashlimit -m u32 --u32 "0x0>>0x16&0x3c@0x9&0xff=0x55" --dport 27015:27105 --hashlimit-mode dstip,dstport --hashlimit-above 500/sec --hashlimit-name PLAYERQUERY -j DROP
This seems to work correctly and will rate-limit when a significant amount comes in, however I can see random packets being dropped even when under the 500/sec limit. I'm verifying this by using wireshark across our nodes and I'm only seeing maybe 20~ a second.
You are seeing packets being dropped but you are not logging why they are being dropped. You should log all packets being dropped and label them as to what they are being dropped for then you would have a better understanding what is being dropped and why. Presently you are shooting in the dark and hoping to find the target.
Just because packets are being dropped doesn't mean the above rule is dropping them.
lazydog, it's easy to see that the rule drop paquets with the "-v" argument of iptables. Maybe Davisn23 did that....
i have the same probleme of Davisn23 with another similar rule:
rule "B":
iptables -I INPUT 1 -m hashlimit -m tcp -p tcp --dport 80 -i eth0 --hashlimit-above 256/sec --hashlimit-burst 512 --hashlimit-mode srcip --hashlimit-name reg_html1 -m state --state NEW -j DROP
I saw some ramdom packet drop with that rule (iptables -t filter -L -v)
A rule "A", before this one, shows that the rate limit is not the reason of the drops:
iptables -I INPUT 1 -p tcp --dport ssh -m state --state NEW -m recent --set
So if i test the rules with a rate of a few packets per second (less than 256/sec ) i see that paskets in the rule A, and from time to time, rule "B" drops some packets.
lazydog, it's easy to see that the rule drop paquets with the "-v" argument of iptables. Maybe Davisn23 did that....
i have the same probleme of Davisn23 with another similar rule:
rule "B":
iptables -I INPUT 1 -m hashlimit -m tcp -p tcp --dport 80 -i eth0 --hashlimit-above 256/sec --hashlimit-burst 512 --hashlimit-mode srcip --hashlimit-name reg_html1 -m state --state NEW -j DROP
I saw some ramdom packet drop with that rule (iptables -t filter -L -v)
A rule "A", before this one, shows that the rate limit is not the reason of the drops:
iptables -I INPUT 1 -p tcp --dport ssh -m state --state NEW -m recent --set
So if i test the rules with a rate of a few packets per second (less than 256/sec ) i see that paskets in the rule A, and from time to time, rule "B" drops some packets.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
