search for: iplimit

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=87 Summary: 'iplimit' match is misnamed, should be 'tcplimit' Product: netfilter/iptables Version: linux-2.4.x Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: unknown AssignedTo: lafor...

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=87 laforge@netfilter.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED ------- Additional Comments From laforge@netfilter.org 2003-04-28 08:25 ------- The misnomer is true. I

...yn-flood # Limit 12 connections per second (burst to 24) iptables -t nat -A syn-flood -m limit --limit 12/s \ --limit-burst 24 -j RETURN iptables -t nat -A syn-flood -j DROPLOG # Check for DoS attack iptables -t nat -A PREROUTING -i $EXT_IFACE \ -d $IP -p tcp --syn -j syn-flood use netfilter iplimit patch, iptables can limit the number of connections received from a particular IP address with the following rule: # DROP packets from hosts with more than 16 # active connections iptables -t nat -A PREROUTING -i $EXT_IFACE -p tcp \ --syn -d $IP -m iplimit --iplimit-above 16 \ -j DROPLOG

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=49 ------- Additional Comments From laforge@netfilter.org 2003-02-14 08:39 ------- what patches from patch-o-matic do you use? Do you know how to reproduce this behaviour? ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.

I thought of creating an htb class for each user, but as you said I haven''t got enough bw to do soo. That’s why my setup only has 5 classes with WRR queues so I get sure each user doesn’t affects the other users. On top of that I have an iplimit to a maximum of 15 parallel connections per user. So I get the following conclusions: A) change link B) upgrade to kernel 2.6 and use l7 filtering Eventhough.. anyone suggesting alternative solutions? -----Mensaje original----- De: lartc-admin@mailman.ds9a.nl [mailto:lartc-admin@mailman.ds9a....

...t; 8: 83 48 14 18 orl $0x18,0x14(%eax) Code; c0474fd5 <init+15/80> c: a1 38 01 45 c0 mov 0xc0450138,%eax Code; c0474fda <init+1a/80> 11: ff 40 10 incl 0x10(%eax) fuzzy.patch ALREADY APPLIED (0 rejects out of 2 hunks). iplimit.patch NOT APPLIED ( 2 missing files) ipt_unclean-ubit.patch NOT APPLIED (1 rejects out of 1 hunks) ipv4options.patch NOT APPLIED ( 2 missing files) IPV4OPTSSTRIP.patch NOT APPLIED ( 1 missing files) mport.patch ALREADY APPLIED (0 rejects out of 2 hunks). NETLINK.patch NOT APPLIED ( 2 missing files)...

https://bugzilla.netfilter.org/cgi-bin/bugzilla/show_bug.cgi?id=68 ------- Additional Comments From laforge@netfilter.org 2003-03-20 10:55 ------- This looks strange. The BUG in slab.c tells us that there is a GFP_ATOMIC missing. This means that we are allocating kernel memory from softirq context with only GFP_KERNEL. If I understand your backtrace correctly, what happens is: - you are

Hello there, I''m having lots of problems with my setup here. Let me explain: I am network administrator for my university dorm. We are about 300 users, and we have 2 ADSL connections doing load balancing with 300kbits upstream and 2Mbit downstream. The load balancing is working great, we are doing connection tracking so I can mark and hence prioritize interactive traffic and ACKS