1

I searched and I can't find a rule to limit the count of the incoming packets for a INPUT UDP port per second and per IP.

I need that per all IPs that connect to my socket, not for a specific one.

I'm using iptables on Ubuntu 14.0.4 LTS amd64.

I am familiar how UDP works. In my scenario someone can create great number of UDP sockets using different ports.

I need only one socket from a single IP can connect to my UDP port.

Is this possible with iptables? I know Netfilter and C++, can i do this with that?

rez
  • 125
  • 1
  • 2
  • 6

1 Answers1

1

Here is what you can do:

iptables -A INPUT -p udp -s 111.111.111.111 --dport 123 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT

You need to have limit iptables extension. The example provided limits maximum 25 connection per minute. The limit-burst 100 indicates that the limit/minute will be enforced only after the total number of connection have reached the limit-burst level.

From the manual:

-s, --source address[/mask][,...]
              Source specification. Address can be either a network name, a hostname, a network IP address (with  /mask),  or  a  plain  IP
              address.  Hostnames  will be resolved once only, before the rule is submitted to the kernel.  Please note that specifying any
              name to be resolved with a remote query such as DNS is a really bad idea.  The mask can be either an ipv4 network  mask  (for
              iptables) or a plain number, specifying the number of 1's at the left side of the network mask.  Thus, an iptables mask of 24
              is equivalent to 255.255.255.0.  A "!" argument before the address specification inverts the sense of the address.  The  flag
              --src  is an alias for this option.  Multiple addresses can be specified, but this will expand to multiple rules (when adding
              with -A), or will cause multiple rules to be deleted (with -D).
prosti
  • 328
  • 1
  • 6
  • 17