Find the answer to your Linux question:
Results 1 to 3 of 3
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1

    Exclamation **IPTables Issue - Module Limit & Length**


    I have been currently experimenting with IPTables and filtering out certain packets with certain overall udp length.

    For example;

    iptables -A INPUT -p udp -m length --length 43 -j DROP

    That above rule works perfectly, dropping all packets with the overall length of 43. Problem is, now say I want to limit them to one a minute on a per ip basis (per ip basis is default for all iptables basically). I do the following rule;

    iptables -A INPUT -p udp -m length --length 43 -m limit --limit=1/minute -j DROP

    This does not work. This rule does not limit the amount of udp packets overall 43 length accepted to one a minute on a per ip basis.

    Does anyone know what I am doing wrong? Any help would be appreciated.


  2. #2
    *Bump. Any ideas anyone?

  3. #3
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    The Keystone State
    You rule is saying limit 1 a minute and drop it.
    Because I don't know your rules I would suggest doing your checking as follows:

    Create a subchain for the checking something like this:

    iptables -A INPUT -p udp -m length --length 43 -j UDPCHECK
    iptables -N UDPCHECK
    iptables -A UDPCHECK -p udp -m length --length 43 -m limit --limit=1/minute -j ACCEPT
    iptables -A UDPCHECK -j DROP
    If you need the packet to continue to be checked by iptables then change 'ACCEPT' to 'RETURN'


    The adventure of a life time.

    Linux User #296285
    Get Counted

  4. $spacer_open

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts