When reading the 'man shorewall-rules' again I wonder if I can accomplish the
same behavior with this single rule:

#ACTION     SOURCE  DEST               PROTO  DEST     SOURCE   ORIGINAL  RATE                  USER/  MARK
#                                             PORT     PORT(S)  DEST      LIMIT                 GROUP
HTTP(DNAT)  net     loc:192.168.1.160  -      -        -        -         s:HTTPACCESS:3/min:3
It looks to me as if this has the same effect as the two rules given below (if I
understand the rules correctly). So could someone then tell me what the
difference is (if any) between the two ways to achieve this effect?
And one last question... Both limiting rules work by counting the currently
connected TCP sessions, right? So when you open a webpage on a webserver it sets
up one TCP session on port 80 for you, and then your requests (for webpages,
pictures and the like) to the webserver are all handled within that one connected TCP
session, right? So when using the rate limit to limit 3 connections per minute I
can open 3 instances of Firefox and they can all connect to the webserver and
browse there, but when opening the 4th instance of Firefox, its connection
request will be dropped. But then after a minute (with the other 3 connections
still connected) I can connect the 4th instance also, because it's a new
minute and so 3 new connections can be made.
Is this how these rules work? And is this the same for the rule I added above
this text as for the two rules I got from Tom? Or do they behave differently? Sorry
if it sounds dumb, but I just want to really understand correctly how these
rules should be applied.
Sander
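The distinction Sander is asking about can be made concrete with a small simulation. This is an added example, not code from either poster or from the Shorewall project, and it uses simplified models: the RATE LIMIT column ('s:HTTPACCESS:3/min:3') is modelled as a per-source token bucket with a burst of 3 refilled at 3 tokens per minute, and the Limit action (Limit:info:HTTPACCESS,3,60) as a sliding window that allows at most 3 hits in the last 60 seconds. Both models count new connection attempts from one source address; an already established session is never counted again, so three open browsers do not consume anything once connected. The timestamps of the attempts are constructed for the illustration.

```python
"""Simplified models of the two per-source connection limiters discussed in
the thread. Both are fed the same sequence of NEW-connection attempts (in
seconds) from a single source and return accept/drop decisions. Established
sessions never re-enter either limiter. Models and timings are assumptions
made for this example, not the exact netfilter implementation."""

from collections import deque


class TokenBucket:
    """Model of the RATE LIMIT column 's:NAME:3/min:3': a bucket holding at
    most `burst` tokens, refilled continuously at `rate_per_sec`; every new
    connection attempt spends one token or is dropped."""

    def __init__(self, rate_per_sec, burst):
        self.rate = rate_per_sec
        self.burst = burst
        self.tokens = float(burst)  # bucket starts full
        self.last = 0.0

    def allow(self, now):
        # Credit the tokens accrued since the previous attempt, capped at burst.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class SlidingWindow:
    """Model of the Limit action 'Limit:info:NAME,3,60': accept a new
    connection only if fewer than `hitcount` accepted attempts from the same
    source fall inside the last `seconds`. Dropped attempts are not recorded
    (simplifying assumption)."""

    def __init__(self, hitcount, seconds):
        self.hitcount = hitcount
        self.seconds = seconds
        self.hits = deque()

    def allow(self, now):
        # Forget hits that have aged out of the window.
        while self.hits and now - self.hits[0] >= self.seconds:
            self.hits.popleft()
        if len(self.hits) >= self.hitcount:
            return False
        self.hits.append(now)
        return True


def simulate(limiter, attempts):
    """Run one limiter over a list of attempt timestamps; returns (t, accepted)."""
    return [(t, limiter.allow(t)) for t in attempts]


# Constructed sequence: three quick connections, a fourth right after,
# another 22 s later, and one just past the minute mark.
ATTEMPTS = [0, 1, 2, 3, 25, 61]


def compare(attempts=ATTEMPTS):
    """Decisions of both limiters for the same source, side by side."""
    bucket = simulate(TokenBucket(rate_per_sec=3 / 60, burst=3), attempts)
    window = simulate(SlidingWindow(hitcount=3, seconds=60), attempts)
    return bucket, window


if __name__ == "__main__":
    bucket, window = compare()
    print("t(s)  rate-limit(bucket)  Limit-action(window)")
    for (t, b), (_, w) in zip(bucket, window):
        print(f"{t:4d}  {'ACCEPT' if b else 'DROP':18}  {'ACCEPT' if w else 'DROP'}")
```

Run it and the two columns diverge at t=25: the token bucket has refilled one token (3 per minute is one every 20 s) and accepts, while the window still holds the three hits from t=0..2 and drops until the oldest one is 60 s old. Neither limiter is about "a new minute" in the calendar sense, and neither counts concurrent sessions.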
-----Original Message-----
From: Tom Eastep [mailto:[email protected]]
Sent: Monday 12 April 2010 22:16
To: Shorewall Users
Subject: Re: [Shorewall-users] Using the limit action on a DNAT rule to prevent
DoS attacks on a specific port
S. J. van Harmelen wrote:
> I'm reading and reading through the docs and previous posts, but cannot
> seem to find what I'm looking for. I want to create a rule that prevents
> DoS and maybe even DDoS attacks against a specific port. The current
> rule looks like this (the PORTs and IPs are dummies of course):
>
> #ACTION     SOURCE  DEST
> HTTP(DNAT)  net     loc:192.168.1.160
>
> Now how can I convert this rule so I can use the limit action? I assume
> the following rule isn't going to work correctly because it misses the
> DNAT action:
>
> Limit:info:HTTPACCESS,3,60  net  loc:192.168.1.160  tcp  80
>
> So how should I do this? Any help or pointers to some useful docs
> about this topic are more than welcome!
DNAT-                       net  loc:192.168.1.160  tcp  80
Limit:info:HTTPACCESS,3,60  net  loc:192.168.1.160  tcp  80
-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users