Simple script to rate-limit incoming requests via iptables
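#!/bin/bash
#
# Rate-limit new inbound TCP connections to one port with the iptables
# "recent" match: a source address that opens more than HITCOUNT new
# connections to DPORT within PERIOD_SECONDS has further attempts rejected
# until it backs off.
#
# Requires root (iptables changes the kernel netfilter tables). Every setting
# can be overridden from the environment, e.g.
#   DPORT=2222 IFACE=ens3 ./ratelimit.sh
#
# Caveats for operators:
#   * Rules live only in the running kernel; persist them (iptables-save or
#     your distribution's mechanism) if they must survive a reboot.
#   * The recent match keeps a bounded list of addresses (module parameter
#     ip_list_tot, default 100); a flood from many distinct sources can evict
#     entries before they expire, weakening the limit.
#   * -m state is the legacy alias kept here for older systems; newer
#     iptables prefer `-m conntrack --ctstate NEW`.
set -euo pipefail

DPORT=${DPORT:-22}                    # inbound destination port
PERIOD_SECONDS=${PERIOD_SECONDS:-5}   # window (seconds) over which hits are counted
HITCOUNT=${HITCOUNT:-4}               # new connections allowed per source IP per window
IFACE=${IFACE:-eth0}                  # interface the rules are bound to

# ref https://debian-administration.org/article/187/Using_iptables_to_rate-limit_incoming_connections

[[ $EUID -eq 0 ]] || { printf 'error: must be run as root\n' >&2; exit 1; }
command -v iptables >/dev/null || { printf 'error: iptables not found in PATH\n' >&2; exit 1; }

# Match arguments shared by both rules: new TCP connections to DPORT on IFACE.
match=(-p tcp --dport "$DPORT" -i "$IFACE" -m state --state NEW)

# Insert a rule at the top of INPUT unless an identical rule is already
# present (iptables -C), so re-running the script does not stack duplicates.
# If only one of the two rules below already exists, their relative order
# is no longer guaranteed; delete both and re-run in that case.
insert_once() {
  if ! iptables -C INPUT "$@" 2>/dev/null; then
    iptables -I INPUT "$@"
  fi
}

# Order matters: each -I inserts at position 1, so the REJECT rule inserted
# second ends up *above* the --set rule. Packets therefore first hit the
# --update check (refresh the timestamp, reject when the count in the window
# reaches HITCOUNT) and only then the --set rule that records new sources.
insert_once "${match[@]}" -m recent --set
# REJECT instead of DROP otherwise we leave the connection hanging for <TCP TIMEOUT>
insert_once "${match[@]}" -m recent --update --seconds "$PERIOD_SECONDS" --hitcount "$HITCOUNT" -j REJECT

# for sport echo what the rules are (-n skips reverse DNS lookups)
iptables -L -n --line-numbers
#
# delete with
#
#   iptables -L INPUT -n --line-numbers
#   iptables -D INPUT <line number>
#
# bonus test client (run from another host against your own box; with the
# defaults the 5th connection within 5 seconds should be refused)
#
#   for i in {1..5}; do echo 'exit' | nc <your ip> <port>; done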