I have a problem with network clients sending data too fast.
I want to slow them down, using iptables or possibly tc.
I have seen iptables solutions such as:
sudo iptables -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 50/second --limit-burst 50 -j ACCEPT
But I think the limit applies to everything that matches the rule, not per client address.
Is there a way to make this rule limit packets per client address?
Solution
You can solve this in a simple way: try the iptables recent module, which keeps track of source addresses:
iptables -m recent -h
recent match options:
[!] --set                       Add source address to list, always matches.
[!] --rcheck                    Match if source address in list.
[!] --update                    Match if source address in list, also update last-seen time.
[!] --remove                    Match if source address in list, also removes that address from list.
    --seconds seconds           For check and update commands above.
                                Specifies that the match will only occur if source address last seen within
                                the last 'seconds' seconds.
    --reap                      Purge entries older then 'seconds'.
                                Can only be used in conjunction with the seconds option.
    --hitcount hits             For check and update commands above.
                                Specifies that the match will only occur if source address seen hits times.
                                May be used in conjunction with the seconds option.
    --rttl                      For check and update commands above.
                                Specifies that the match will only occur if the source address and the TTL
                                match between this packet and the one which was set.
                                Useful if you have problems with people spoofing their source address in order
                                to DoS you via this module.
    --name name                 Name of the recent list to be used. DEFAULT used if none given.
    --rsource                   Match/Save the source address of each packet in the recent list table (default).
    --rdest                     Match/Save the destination address of each packet in the recent list table.
    --mask netmask              Netmask that will be applied to this recent list.
Example of blocking SSH brute-force attempts:
iptables -A INPUT -i eth0 -p tcp --syn --dport 22 -m recent --name ssh --set
iptables -A INPUT -i eth0 -p tcp --syn --dport 22 -m recent --name ssh --rcheck --seconds 30 --hitcount 2 -j DROP