#1

~ IPTables : Limit Incoming UDP Packets With a Certain Length ~


I am currently trying to limit incoming UDP length 20 packets on a per-IP basis to 5 a second using IPTables on a Linux machine (CentOS 5.2).

Basically, if an IP is sending more than 5 length 20 UDP packets a second to the local machine, I would like the machine to drop the excess length 20 packets coming from that IP.

The modules that should work perfectly for this type of "rule set" are:

    - Limiting module
    - Length module

    Both of which are installed / compiled with the kernel/IPTables correctly and functioning.

I have tried several rule sets, and none of them seem to fully work. Either they drop all UDP length 20 packets going to the local machine or allow all of them through.

    Below is one of the rule sets I use, and it is not working. Any ideas what the issue could be?

    iptables -N CHECK1
    iptables -A INPUT -p udp -m length --length 20 -j CHECK1
    iptables -A CHECK1 -p udp -m length --length 20 -m limit --limit 5/second -j ACCEPT
    iptables -A CHECK1 -j DROP
    Any help would be appreciated. Thanks ahead of time!

#2
    Any ideas?

#3 (Lazydog, Linux Guru, joined Jun 2004)
Have you tried

--length 20:1500

This should include all packets of length 20 and larger. Your rule was only matching packets of length exactly 20.


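An added example, not posted by anyone in this thread, showing how the per-IP limit described in #1 is normally built. Two details of the modules matter here: the length match compares the total IPv4 datagram length (header included), so a UDP packet carrying 20 bytes of payload is 20 + 8 + 20 = 48 bytes on the wire and `--length 20` cannot match any UDP packet; and the limit match keeps a single token bucket per rule shared by every sender, so it can never limit "per IP". Per-source limiting needs the hashlimit match with `--hashlimit-mode srcip`. The chain name, rate, burst and the `udp20` hash table name are arbitrary choices for this example.

```sh
#!/bin/sh
# Added example: per-source-IP rate limit for UDP datagrams of one exact size,
# using hashlimit (per-source buckets) instead of limit (one global bucket).
# Not part of the original thread; all names below are example values.

IP_HDR=20    # IPv4 header without options
UDP_HDR=8    # UDP header

# l3_len PAYLOAD -> total IPv4 datagram length (what -m length actually compares)
# for a UDP packet whose payload is PAYLOAD bytes.
l3_len() {
    echo $(( IP_HDR + UDP_HDR + $1 ))
}

# build_rules PAYLOAD RATE BURST CHAIN
# Prints the iptables commands one per line without executing them, so the
# ruleset can be reviewed (or fed to a test) before it touches the firewall.
build_rules() {
    payload=$1; rate=$2; burst=$3; chain=$4
    len=$(l3_len "$payload")
    cat <<EOF
iptables -N $chain
iptables -A INPUT -p udp -m length --length $len -j $chain
iptables -A $chain -m hashlimit --hashlimit-upto $rate --hashlimit-burst $burst --hashlimit-mode srcip --hashlimit-name udp$payload -j ACCEPT
iptables -A $chain -j DROP
EOF
}

# apply_rules PAYLOAD RATE BURST CHAIN
# Executes the generated commands; needs root and a kernel with xt_hashlimit.
apply_rules() {
    build_rules "$@" | while IFS= read -r cmd; do
        echo "+ $cmd" >&2
        eval "$cmd"
    done
}

# For comparison, the rule from the original post shares one bucket between all
# senders and, for UDP, can never match, because no UDP datagram is 20 bytes:
#   iptables -A CHECK1 -p udp -m length --length 20 -m limit --limit 5/second -j ACCEPT

# Dry run by default; "./script apply" installs the rules.
if [ "${1:-}" = "apply" ]; then
    apply_rules 20 5/second 5 UDP20_LIMIT
else
    build_rules 20 5/second 5 UDP20_LIMIT
fi
```

Notes on the generated rules: the ACCEPT with the hashlimit match must come before the unconditional DROP in the chain, otherwise everything is dropped; `--hashlimit-upto` is the spelling in current iptables, while the iptables 1.3.x shipped with CentOS 5 uses `--hashlimit` for the same option; `-N` fails if the chain already exists, so flush and delete it (`iptables -F UDP20_LIMIT; iptables -X UDP20_LIMIT`) before re-applying; and if the packets of interest might carry IP options, use a range such as `--length 48:88` rather than one exact value.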
