Hello, I have this rule:

-I INPUT -m string --hex-string "|XXX|" --algo bm --dport 7777 -j DROP

It works, but there are some false positives.

So I want to limit this rule to 5 connections accepted per second before dropping the rest, AND if the IP is already connected (+1 limit), accept other packets with the same IP.

Thanks for helping.

user221069

1 Answer

UDP does not have any concept of connections, but you can limit to a number of packets per second by using the limit module: -m limit --limit 5/second

Even though UDP does not have any concept of connections, iptables still performs connection tracking on UDP packets in the most typical configurations. For that reason it can make a difference whether the limit rule is used before or after another rule matching on state.

kasperd
  • Thanks, but I edited my post: "So I want to limit this rule to 5 connections accepted per second before dropping the rest, AND if the IP is already connected (+1 limit), accept other packets with the same IP." So: -I INPUT -p udp -m ttl --ttl-eq XXX -m string --hex-string "|XXX|" --algo bm --dport 7777 -m limit --limit 5/second -j DROP, or ACCEPT? And how do I accept the connected IP? – user221069 May 25 '14 at 14:31
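An added example (not code from the question or the answer) that puts the answer's ordering point into practice: the conntrack ESTABLISHED rule comes first so sources whose earlier datagram was accepted keep passing, then the rate-limited ACCEPT for new pattern-matching flows, then the original DROP. Port 7777 and the |XXX| pattern are the question's placeholders; IPT, PORT, PATTERN and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. IPT defaults to iptables;
# run with IPT=echo to print the rules instead of applying them.
IPT="${IPT:-iptables}"
PORT=7777            # from the question
PATTERN="|XXX|"      # placeholder hex pattern copied from the question

apply_rules() {
    # 1. Packets of a flow conntrack already knows (the "IP already
    #    connected" case) are accepted before any string or limit match.
    "$IPT" -A INPUT -p udp --dport "$PORT" \
        -m conntrack --ctstate ESTABLISHED -j ACCEPT
    # 2. NEW flows carrying the pattern are accepted at most 5 per second
    #    (burst 5). The limit match belongs on the ACCEPT rule: putting
    #    "-m limit --limit 5/second" on a DROP rule would drop only 5
    #    packets per second and let the rest through.
    "$IPT" -A INPUT -p udp --dport "$PORT" -m conntrack --ctstate NEW \
        -m string --hex-string "$PATTERN" --algo bm \
        -m limit --limit 5/second --limit-burst 5 -j ACCEPT
    # 3. The question's original rule, now reached only by packets that
    #    neither rule above accepted.
    "$IPT" -A INPUT -p udp --dport "$PORT" \
        -m string --hex-string "$PATTERN" --algo bm -j DROP
}

# Position (1-based) of the first rule containing a keyword in the
# dry-run output; used to check that the ordering is what we intend.
rule_index() {
    (IPT=echo; apply_rules) | grep -n -- "$1" | head -n 1 | cut -d: -f1
}
```

Note that the limit match counts all matching packets together, not per source address; the per-source behaviour here comes only from the ESTABLISHED rule.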