Thank you Matej, That was very helpful! Regards HASSAN
On Fri, Dec 23, 2011 at 21:18, Matej Snoha <[email protected]> wrote:
>
> > Mikrotik supports a queuing mechanism called PCQ (per connection
> > queuing) which restricts each connection to the amount specified. [...]
> >
> > Is there a Linux Netfilter / IPTables equivalent of PCQ?
>
> Hi. As has been said here before, the "restrict limited kod" works quite
> well for me. It can be customized too.
>
> As to PCQ Linux IPTables alternative:
> The closest thing that comes to mind is ipt_recent module (part of most
> distributions I believe).
> More info here: http://www.snowman.net/projects/ipt_recent/ .
>
> A basic example:
> iptables -I INPUT -i eth0 -p udp --dport 123 -m recent --set
> iptables -I INPUT -i eth0 -p udp --dport 123 -m recent --update --seconds 60 --hitcount 20 -j DROP
>
> This tracks recent incoming ntp connections. If one IP sends more than 20
> queries in 60 seconds, it is blocked until there is no connection from that
> IP for another 60 seconds (--update). I use a variant of this to block
> clients that continually send millions of queries with no regard for KOD,
> timeouts, etc.
>
> Hope this helps.
> Matej Snoha
>
> _______________________________________________
> pool mailing list
> [email protected]
> http://lists.ntp.org/listinfo/pool
>
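As an added illustration (not code from the post or from the ipt_recent project), the model below simulates the two quoted rules over constructed NTP traffic so the "blocked until quiet for 60 seconds" effect of --update can be seen. It assumes the documented xt_recent behaviour: each source keeps a ring of ip_pkt_list_tot (default 20) hit timestamps, and --update both matches on hits inside the window and refreshes the entry.

```python
from collections import defaultdict, deque

# Constructed model of the two xt_recent rules (not from the post). Assumed
# kernel behaviour: each source keeps a ring of ip_pkt_list_tot (default
# 20) hit timestamps; '--update' matches on hits inside the window.
SECONDS = 60    # --seconds 60
HITCOUNT = 20   # --hitcount 20
LIST_TOT = 20   # ip_pkt_list_tot default; caps stamps kept per address


class RecentList:
    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=LIST_TOT))

    def set(self, src, now):
        # '--set': add the address (or refresh its entry) with a new stamp
        self.stamps[src].append(now)

    def update_matches(self, src, now):
        # '--update --seconds S --hitcount N': match only if the address is
        # listed with at least N stamps inside the last S seconds. A match
        # records a fresh stamp, which is what keeps an abuser blocked
        # until it has been quiet for a full window.
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t < SECONDS)
        if hits < HITCOUNT:
            return False
        self.stamps[src].append(now)
        return True


def run_chain(packets):
    """Verdict per (time, src) packet. '-I' inserts at the top, so the DROP
    rule added second is checked first; non-matching packets fall through
    to '--set' and are accepted."""
    table, verdicts = RecentList(), []
    for now, src in packets:
        if table.update_matches(src, now):
            verdicts.append("DROP")
        else:
            table.set(src, now)
            verdicts.append("ACCEPT")
    return verdicts


# Constructed traffic: a polite client polling every 64 s, and a noisy one
# sending one query per second for two minutes, then one stray query at
# t=150 (still inside the window) and another at t=200 (window aged out).
POLITE = [(t, "192.0.2.10") for t in range(0, 600, 64)]
NOISY = [(t, "192.0.2.66") for t in range(120)] + [(150, "192.0.2.66"), (200, "192.0.2.66")]
```

Running run_chain(sorted(POLITE + NOISY)) shows the polite client never dropped, while the noisy client is accepted for its first 20 queries, dropped from the 21st on, still dropped at t=150, and accepted again at t=200.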
