iptables (Netfilter) is a nice throttling mechanism; however, it's not supported on all platforms.
There are other options, including modules for Web daemons. One such module is mod_evasive, which can act as a throttle on Apache 1.3.X and 2.X servers.

--Tobias

[EMAIL PROTECTED] wrote:
> Does anyone know of a better way to do this
> I am using IPTABLES to allocate a "fixed" connection rate to the mail
> server (port 25 traffic)
> while allocating most of the connection bandwidth to the apache webserver...
>
> I am getting about 100,000 spam hits a week
> installed this in the firewall
> and now....
> currently the greylister is handling about 4 greylists/minute,
> spamassassin is processing about 4 SPAMS [spamlevel > 5] per hour,
> and the processor is 99.1% idle....
>
> and life is now ....GOOD,
> -------------------------------------------------------------------------------------------------------------
> #
> LG_LVL=5
> #
> <snip>
> ........
> </snip>
>
> #
> #echo "1" > /proc/sys/net/ipv4/ip_dynaddr
>
> ## LOOPBACK
> # Allow unlimited traffic on the loopback interface.
> $IPTABLES -A INPUT -i lo -j ACCEPT
> $IPTABLES -A OUTPUT -o lo -j ACCEPT
>
> ## SYN-FLOODING PROTECTION
> # This rule restricts the rate of incoming connections. In order to do this we divert tcp
> # packets with the SYN bit set off to a user-defined chain. Up to limit-burst connections
> # can arrive in 1/limit seconds ..... in this case (for email --dport25) 3 connections in one second.
> # After this, one of the bursts is regained every second and connections are allowed again.
> # The default limit is 3/hour. The default limit burst is 5.
> #
> # we want this 'first' (at the beginning) in the INPUT chain
> $IPTABLES -N syn-flood
> $IPTABLES -N syn-flood_25
> $IPTABLES -N syn-flood_110
> $IPTABLES -A INPUT -i $INET_IFACE -p tcp -d $INTERNET_IP --syn -j syn-flood
> $IPTABLES -A syn-flood -p tcp --dport 25 -j syn-flood_25
> $IPTABLES -A syn-flood -p tcp --dport 110 -j syn-flood_110
> ######### process the rest of the connections
> ######### this should be greater than max() of all the others
> ######### eg pulling a webpage refresh of a page like "joomla administrator"
> ######### (pulls a lot of port 80 connects because of all the small images)
> ######### (and maybe there is a proxy web server in between the client and the web server
> ######### so 50 connections may not be quite high enough for good webserving)
> $IPTABLES -A syn-flood -m limit --limit 2/s --limit-burst 50 -j RETURN
> $IPTABLES -A syn-flood -j LOG --log-level $LG_LVL --log-prefix "IPTABLES FLOOD: "
> $IPTABLES -A syn-flood -j REJECT
> #########
> $IPTABLES -A syn-flood_25 -m limit --limit 1/s --limit-burst 3 -j RETURN
> $IPTABLES -A syn-flood_25 -j LOG --log-level $LG_LVL --log-prefix "IPTABLES FLOOD_25: "
> $IPTABLES -A syn-flood_25 -j REJECT
>
> ######### it is possible (fast link), a customer with 6 email accounts can connect 6 times in under 2 seconds
> $IPTABLES -A syn-flood_110 -m limit --limit 2/s --limit-burst 6 -j RETURN
> $IPTABLES -A syn-flood_110 -j LOG --log-level $LG_LVL --log-prefix "IPTABLES FLOOD_110: "
> $IPTABLES -A syn-flood_110 -j REJECT
> #
> # Enable simple IP Forwarding and Network Address Translation
> .......
>
> ----------------------------------------------------------------------------------------
> Regards
> DonMath
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Microsoft
> Defy all challenges. Microsoft(R) Visual Studio 2008.
> http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
> _______________________________________________
> policyd-users mailing list
> policyd-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/policyd-users
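As an added example (not code from either poster), here is a small Python model of the token bucket behind `-m limit --limit 1/s --limit-burst 3`, run over constructed SYN arrival times, so the chains above can be checked on paper before deployment: which SYNs reach RETURN and which fall through to LOG and REJECT. The arrival times and the float refill arithmetic are assumptions of this example; the kernel's `limit` match uses integer credits, so the model is an approximation.

```python
"""Model of the iptables 'limit' match used in the syn-flood chains above.

Constructed example, not the kernel's code. The limit match is a token bucket
whose capacity is --limit-burst (initially full) and which refills at --limit
tokens per second. A SYN that finds a token matches (here: -j RETURN, the
connection proceeds); one that finds none falls through to LOG and REJECT.
Note the bucket is per rule, shared by every source address: a flood from one
host drains it and legitimate peers on that port are rejected as well.
"""


class LimitMatch:
    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec        # --limit, as events per second
        self.burst = burst              # --limit-burst, bucket capacity
        self.tokens = float(burst)      # bucket starts full
        self.last = 0.0                 # timestamp of the previous packet

    def matches(self, now):
        """True if this packet consumes a token, i.e. the rule matches."""
        elapsed = now - self.last
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def run_chain(arrivals, rate_per_sec, burst):
    """Verdict per SYN for a chain shaped: -m limit ... -j RETURN; LOG; REJECT."""
    m = LimitMatch(rate_per_sec, burst)
    return ["RETURN" if m.matches(t) else "REJECT" for t in arrivals]


# Constructed sample traffic (seconds since the first SYN).
# Port 25: an MTA opens 3 connections quickly, a 4th too soon, retries a
# second later (allowed), then another one too soon.
SMTP_ARRIVALS = [0.0, 0.1, 0.2, 0.3, 1.3, 1.4]
# Port 110: the customer with 6 mailboxes polling within 2 seconds.
POP3_ARRIVALS = [0.0, 0.3, 0.6, 0.9, 1.2, 1.5]
# Port 25: 20 SYNs 10 ms apart, the shape of a flood.
FLOOD_ARRIVALS = [i * 0.01 for i in range(20)]

if __name__ == "__main__":
    print("smtp ", run_chain(SMTP_ARRIVALS, 1, 3))
    print("pop3 ", run_chain(POP3_ARRIVALS, 2, 6))
    print("flood accepted:", run_chain(FLOOD_ARRIVALS, 1, 3).count("RETURN"))
```

Swapping in the syn-flood_110 parameters (2/s, burst 6) against the POP3 arrivals confirms the comment in the script: all six connections pass.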