NetFilter

would like to use match limit

To: netfilter@lists.netfilter.org
Subject: would like to use match limit
From: Brent Clark <bclark@eccotours.co.za>
Date: Tue, 28 Nov 2006 09:35:01 +0200

Hey all

I have the following last four rules in my ruleset.

4863  234K REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
1800 86165 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-port-unreachable
   0     0 REJECT     0    --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-unreachable
   0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with tcp-reset


What I was thinking / or hoping to add was the match limit, whereby I'll match these rules for a certain period, but then after that it moves to my default policy, which is DROP.

The question is, a) would this be a good, feasible solution, and b) what would be a good time period (how much burst).

Thanks to those who reply in advance.

Kind Regards
Brent Clark
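
Added example (not part of the original post): a simplified Python model of the token bucket behind `-m limit --limit <rate> --limit-burst <n>`, showing which packets a rate-limited REJECT rule answers and which fall through to a DROP policy. The rate of 2/second, the burst of 5 and the traffic pattern are constructed values chosen for illustration, not recommendations.

```python
# Simplified model of iptables' limit match (assumption: integer millisecond
# clock; the kernel uses its own credit units but the same token-bucket idea).
# Corresponding rule form:
#   iptables -A INPUT -p tcp -m limit --limit 2/second --limit-burst 5 \
#            -j REJECT --reject-with tcp-reset
# with the chain policy set to DROP.


class LimitMatch:
    def __init__(self, rate_per_sec, burst):
        self.cost = 1000 // rate_per_sec   # credit (in ms) spent per match
        self.cap = burst * self.cost       # full bucket == --limit-burst matches
        self.credit = self.cap             # bucket starts full
        self.last_ms = 0

    def matches(self, now_ms):
        # Credit refills with elapsed time, never above the burst cap.
        self.credit = min(self.cap, self.credit + (now_ms - self.last_ms))
        self.last_ms = now_ms
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True
        return False                       # no match: packet goes to next rule


def verdicts(arrivals_ms, rate_per_sec, burst):
    """Verdict per packet: limited REJECT rule first, then policy DROP."""
    rule = LimitMatch(rate_per_sec, burst)
    return ["REJECT" if rule.matches(t) else "DROP" for t in arrivals_ms]


def summarize(arrivals_ms, rate_per_sec, burst):
    v = verdicts(arrivals_ms, rate_per_sec, burst)
    return v.count("REJECT"), v.count("DROP")


# Constructed traffic: a burst of 100 packets, one every 10 ms (scan-like),
# then a single packet five seconds after the burst ends.
SCAN = [i * 10 for i in range(100)]
LATE_PROBE = SCAN + [6000]
# Constructed traffic: one packet per second (well under the limit).
SLOW = [i * 1000 for i in range(10)]

if __name__ == "__main__":
    print("scan  (REJECT, DROP):", summarize(SCAN, 2, 5))
    print("slow  (REJECT, DROP):", summarize(SLOW, 2, 5))
    print("late probe verdict  :", verdicts(LATE_PROBE, 2, 5)[-1])
```

The burst value sets how many packets are answered before silence begins; the rate sets how quickly the rule starts answering again once traffic slows down.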

