<< 09 January 2014 | Home | 11 January 2014 >>


iptables rules

Useful links for iptables rules:

  • limit connections per IP: also check the use of -p tcp --syn to restrict the limit to connection initiation only (packets with the SYN flag set and ACK, RST and FIN clear), so that packets of already established connections do not count against it.
  • iptables howto: quick reference guide to iptables
  • explanation on the limit module: To further explain the limit match, it is basically a token bucket filter. Consider having a leaky bucket where the bucket leaks X packets per time-unit. X is defined depending on how many matching packets we get, so if we get 3 packets, the bucket leaks 3 packets per that time-unit. The --limit option tells us how many packets to refill the bucket with per time-unit, while the --limit-burst option tells us how big the bucket is in the first place. So, setting --limit 3/minute --limit-burst 5, and then receiving 5 matches will empty the bucket. After 20 seconds, the bucket is refilled with another token, and so on until the --limit-burst is reached again or until they get used.
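The two points above (limiting only SYN packets, and how --limit / --limit-burst behave) as a worked example. This is an added example, not code from the linked pages or from this blog: port 22, the numeric limits and the "SSH-FLOOD: " log prefix are illustrative assumptions. The first function prints (or, with the argument apply, executes as root) a small rule set; the second simulates the kernel's limit match token bucket in whole seconds so the 3/minute, burst 5 case from the quoted explanation can be traced by hand. One caveat worth remembering: -m limit keeps a single bucket for the whole rule, shared by every source address, so per-source rate limiting needs -m hashlimit (one bucket per source IP) as shown in the rule set.

```shell
#!/bin/sh
# Added example (not from the page or the linked tutorials).
# Port 22, the limits and the log prefix are illustrative assumptions.

# Emit (default) or apply (argument "apply", needs root) a rule set for port 22.
# Only connection initiations (--syn: SYN set, ACK/RST/FIN clear) are limited;
# packets of established connections are accepted first and never reach them.
ssh_rules() {
    mode=${1:-print}
    run() {
        if [ "$mode" = apply ]; then "$@"; else printf '%s\n' "$*"; fi
    }
    run iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Per-source concurrency cap: a 4th simultaneous connection from one address is reset.
    run iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
    # Per-source rate limit: hashlimit keeps one token bucket per source IP.
    run iptables -A INPUT -p tcp --syn --dport 22 -m hashlimit --hashlimit-name ssh --hashlimit-mode srcip --hashlimit-upto 3/minute --hashlimit-burst 5 -j ACCEPT
    # Plain -m limit keeps ONE bucket for the whole rule, shared by all sources,
    # so here it only throttles the log line: a flood cannot fill the log.
    run iptables -A INPUT -p tcp --syn --dport 22 -m limit --limit 1/minute --limit-burst 3 -j LOG --log-prefix "SSH-FLOOD: "
    run iptables -A INPUT -p tcp --syn --dport 22 -j DROP
}

# Simulate the limit match: the bucket holds `burst` packets' worth of credit,
# starts full, refills continuously at `rate` packets per minute, and every
# matching packet spends one packet's worth. Integer seconds only, so `rate`
# must divide 60 (3/minute -> one packet costs 20 s of credit).
# Usage: limit_sim RATE_PER_MINUTE BURST t1 t2 ...   (timestamps in seconds, ascending)
# Prints one line with "t:MATCH" or "t:NOMATCH" per packet.
limit_sim() {
    rate=$1; burst=$2; shift 2
    cost=$((60 / rate))          # credit seconds one matching packet costs
    capacity=$((burst * cost))   # bucket size: 5 * 20 = 100 credit seconds
    credit=$capacity             # starts full: the first `burst` packets all match
    prev=0
    out=""
    for t in "$@"; do
        credit=$((credit + t - prev))   # refill for the time that passed
        if [ "$credit" -gt "$capacity" ]; then credit=$capacity; fi
        prev=$t
        if [ "$credit" -ge "$cost" ]; then
            credit=$((credit - cost))
            out="$out $t:MATCH"
        else
            out="$out $t:NOMATCH"
        fi
    done
    printf '%s\n' "${out# }"
}

# The quoted figures: --limit 3/minute --limit-burst 5. Six packets arrive at
# once (five match, the sixth empties nothing and fails), one token is back
# after 20 s, a packet at 21 s still fails, and the next token is ready at 40 s.
limit_sim 3 5 0 0 0 0 0 0 20 21 40
# Show the rule set without applying it.
ssh_rules
```

Run the script as-is to see the rules and the simulated match decisions; run `ssh_rules apply` (as root) to load the rules. The simulation models the same arithmetic the kernel uses (credit refills per elapsed time, capped at burst * cost, one cost per match), so it can be used to check what a given --limit / --limit-burst pair will do to a burst of SYNs before the rule is put on a live host.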

OwnCloud on debian wheezy
