Gist andrewhodel/08150531e14c338c57a1df8cfcb0fe99
Last active July 31, 2023 02:29
iptables-rate-limit
# note: -F flushes every existing rule in the filter table first, so anything already loaded is gone
sudo iptables -F
sudo ip6tables -F

# limit traffic with destination port 443 to 80 NEW CONNECTIONS per minute per source IP (--hashlimit-mode srcip)
# --hashlimit-burst 1 means there is no burst allowance: the rate limiting starts counting at the first new connection
# --hashlimit-htable-expire is in milliseconds and is required to be at least as long as the --hashlimit-above interval,
# otherwise an idle entry is garbage-collected and the source starts again with a full burst
# use a different --hashlimit-name with each service

# drop new connections to port 443 from any source IP that is above the limit (the rule matches when ABOVE 80/min)
sudo iptables -I INPUT -p tcp --dport 443 --match hashlimit --hashlimit-above 80/min --hashlimit-burst 1 --hashlimit-mode srcip --hashlimit-name hserver --hashlimit-htable-expire 60000 -m state --state NEW -j DROP
# allow this IP address full speed; inserted afterwards with -I so it sits above the DROP rule in the chain
sudo iptables -I INPUT -s 8.8.8.8 -j ACCEPT

# same for IPv6 (ip6tables keeps its own hashlimit table, so the name can be reused)
sudo ip6tables -I INPUT -p tcp --dport 443 --match hashlimit --hashlimit-above 80/min --hashlimit-burst 1 --hashlimit-mode srcip --hashlimit-name hserver --hashlimit-htable-expire 60000 -m state --state NEW -j DROP
# allow this IPv6 address full speed, again inserted above the DROP rule
sudo ip6tables -I INPUT -s 2607:f8b0:4004:c1d::66 -j ACCEPT
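The hashlimit rule is easier to reason about with a model of its per-source token bucket. The Python below is an added example, not part of the gist: it approximates xt_hashlimit with floating-point credits (the kernel uses integers), uses the gist's parameters (80/min, burst 1, 60000 ms expiry), and feeds it constructed timestamps and source addresses, including the gist's allowlisted 8.8.8.8 to show why the ACCEPT rule must sit above the DROP rule.

```python
# Parameters from the gist's rule: 80 NEW connections per minute, burst 1,
# per-source entry expiring after 60000 ms of inactivity.
RATE_PER_MIN, BURST, HTABLE_EXPIRE_S = 80, 1, 60.0


class HashlimitAbove:
    """Approximates --hashlimit-above/--hashlimit-burst/--hashlimit-mode srcip.

    The kernel keeps integer credits; this model uses floats. above() returns
    True when the source is over the rate, which the gist's rule jumps to DROP.
    """

    def __init__(self, rate_per_min=RATE_PER_MIN, burst=BURST, expire_s=HTABLE_EXPIRE_S):
        self.refill_per_s = rate_per_min / 60.0  # 80/min -> one token per 0.75 s
        self.cap = float(burst)                   # at most `burst` tokens banked
        self.expire_s = expire_s
        self.table = {}                           # srcip -> [credit, last_seen]

    def above(self, src, now):
        entry = self.table.get(src)
        if entry is None or now - entry[1] >= self.expire_s:
            # A new or garbage-collected entry starts with a full burst. If the
            # table expires sooner than the refill interval, a source regains
            # credit early, which is why expire must cover the interval.
            entry = self.table[src] = [self.cap, now]
        credit = min(self.cap, entry[0] + (now - entry[1]) * self.refill_per_s)
        # A packet below the limit spends one token; one above it spends nothing.
        entry[0] = credit - 1.0 if credit >= 1.0 else credit
        entry[1] = now
        return credit < 1.0  # True: above the rate, the rule matches -> DROP


def simulate(events, allowlist=(), **kw):
    """events: (time_s, srcip) NEW connections. allowlist mirrors the ACCEPT
    rule inserted above the DROP rule: those sources never reach hashlimit."""
    lim = HashlimitAbove(**kw)
    return [(t, src, "ACCEPT" if src in allowlist
             else "DROP" if lim.above(src, t) else "pass") for t, src in events]


# Constructed sample: one source opening four connections within a second,
# a normal client, and the allowlisted 8.8.8.8 from the gist.
SAMPLE = [(0.0, "203.0.113.5"), (0.1, "198.51.100.7"), (0.2, "203.0.113.5"),
          (0.4, "203.0.113.5"), (0.8, "203.0.113.5"), (0.9, "8.8.8.8"),
          (2.1, "198.51.100.7")]

if __name__ == "__main__":
    for row in simulate(SAMPLE, allowlist={"8.8.8.8"}):
        print(row)
```

With burst 1 the bucket never banks more than one token, so a source is effectively held to one new connection every 0.75 s rather than being allowed 80 in a quick burst; running the model with a shorter expiry than the refill interval shows the early reset the comment in the gist warns about.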