Hi Kishore,
you can indeed do so with iptables for example. Have a look at the
hashlimit or the limit module. They are both capable of limiting per
protocol, per destination or source IP, and can be configured to trigger only
after reaching a burst limit. You can enforce a UDP packet rate which is
allowed per second per source IP, for example to destination port 53:
iptables -I INPUT -m hashlimit -p udp -m udp --dport 53 --hashlimit 10/s
--hashlimit-mode srcip --hashlimit-name dns ...
Anyway, keep in mind that the UDP source IP might be spoofed (but then the
benchmarking this is all about would not apply anyway).
Sebastian
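The command above is cut short, so here is a complete, self-contained version as an added example (my own script, not Sebastian's or ISC's). It builds the full hashlimit rule as text so it can be reviewed, and only loads it into the kernel when run as "apply". It assumes the hashlimit and udp match modules are available, that the rate is given in hashlimit's unit syntax (10/s, 600/m, ...), and that "apply" runs as root. It uses --hashlimit-above with a single DROP rule instead of the --hashlimit/ACCEPT form, so everything under the limit simply falls through to the rest of the INPUT chain. The drop is silent, which is exactly the trade-off Kishore raises: clients that exceed the rate get no answer and will time out and retry.

```shell
#!/bin/sh
# Added example, not from the original thread: emit (and optionally apply) an
# iptables hashlimit rule that caps UDP packets to port 53 per source IP.
# Assumptions: hashlimit and udp match modules are loadable, the rate uses the
# hashlimit unit syntax (10/s, 600/m, ...), and "apply" is executed as root.

# Build the rule as text so it can be reviewed before it is loaded.
# $1 = rate (e.g. 10/s), $2 = burst (packets a source may send before the
# rate applies), $3 = UDP destination port (default 53).
dns_udp_ratelimit_rule() {
    rate="$1"
    burst="$2"
    port="${3:-53}"
    # --hashlimit-above matches once a source exceeds the rate, so one DROP
    # rule is enough; traffic below the rate falls through to the remaining
    # INPUT rules.  The table is keyed on srcip and an entry expires 10 s
    # (10000 ms) after the last packet seen from that source.
    printf '%s\n' "iptables -I INPUT -p udp -m udp --dport $port -m hashlimit --hashlimit-above $rate --hashlimit-burst $burst --hashlimit-mode srcip --hashlimit-name dns-$port --hashlimit-htable-expire 10000 -j DROP"
}

# Load the rule unless an identical one is already present
# (iptables -C exits 0 when the rule exists, non-zero otherwise).
apply_dns_udp_ratelimit() {
    rule=$(dns_udp_ratelimit_rule "$@")
    check=$(printf '%s' "$rule" | sed 's/^iptables -I INPUT/iptables -C INPUT/')
    if sh -c "$check" 2>/dev/null; then
        echo "rule already present"
    else
        sh -c "$rule" && echo "rule installed"
    fi
}

# Usage:  sh dns_ratelimit.sh show  [rate] [burst] [port]   -> print the rule
#         sh dns_ratelimit.sh apply [rate] [burst] [port]   -> install it (root)
case "${1:-}" in
    show)  dns_udp_ratelimit_rule   "${2:-10/s}" "${3:-20}" "${4:-53}" ;;
    apply) apply_dns_udp_ratelimit  "${2:-10/s}" "${3:-20}" "${4:-53}" ;;
    *)     : ;;   # sourced or run without arguments: define functions only
esac
```

Run "show" first and read the generated line; "apply" is idempotent, so it is safe to re-run from a boot script. Raise the burst value before the rate if legitimate resolvers behind one NAT address are being caught, since all of them share a single srcip bucket.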
On 2017-04-30 15:52, Ram Kishore B wrote:
Thanks for the quick response.
Is it possible to rate limit the number of packets per second allowed
for a specific iptables rule, especially for *UDP*? If yes, our partial
requirement will be satisfied.
The only difficulty I can think of at the moment with using this rule is that the
peers will not receive any response, which can make them retry.
Otherwise having the rate limit in Bind incoming phase will provide the
flexibility of responding with specific error code to let the peer
understand the situation.
Thanks,
Kishore
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users