Need help on IPtables for connections limiting

Support for security such as Firewalls and securing linux
Post Reply
OPrime
Posts: 1
Joined: 2006/06/28 12:32:53

Need help on IPtables for connections limiting

Post by OPrime » 2006/06/28 12:42:28

Hi

Currently I have configured a transparent bridge using CentOS 4.2 (default server installation with bridge-utlis rpm installed) and no IPtables running as the ruleset I did screw up big time. This linux bridge is now sitting pretty in front of my DNS server which is currently "under attacks" by a few particular IP addresses which actually belongs to a paying customer thus I cannot deny them from accessing the DNS server.

I like to know what should be the IPtables configuration on this bridge which will help me rate limit the connections from these "attackers". I am getting nearly 100 queries per second and I like to limit it to only 10 queries from this set of IP addresses.

My setup as per below:

DNS server -eth1-> Bridge -eth0-> Internet

DNS server is connected to Bridge via a cross-cable on Bridge eth1 which Bridge eth0 is the uplink to internet. My DNS server is both an authoritive server as well as DNS resolver. Please kindly advise. Thanks

Cheers
OP

itnas
Posts: 1
Joined: 2006/09/15 03:41:30
Location: Bogota, Colombia
Contact:

Re: Need help on IPtables for connections limiting

Post by itnas » 2006/09/15 03:58:32

Hi, As it has formed your fw?
So that you do not form as limit parametre completes rule of forward for meter to discard the connections of but

example :

$IPTABLES -A FORWARD -m limit --limit 1/s --limit-burst 50 -j LOG --log-level 7 --log-prefix "IPT FORWARD packet died: " -j DROP

Post Reply

Return to “CentOS 4 - Security Support”