On 5/27/11 6:33 AM, scoobydooxp@64systems.com wrote:
> I am trying to limit packets per second on the Internet interface
> (eth0) of my Shorewall server. I know that Shorewall does not support
> this directly so I need to add something in the started file. Can anyone
> point me in the right direction? I have tried a couple things but so far
> nothing has worked.
>
> /sbin/iptables -A OUTPUT -o eth0 -m limit --list 2000/sec -j ACCEPT

Any iptables solution is simply going to drop all packets in excess of
the limit.

I suggest this in ''start'' (not ''started''):

    run_iptables -t mangle -A POSTROUTING -m limit --limit 2000/sec \
        -j ACCEPT
    run_iptables -t mangle -A POSTROUTING -j DROP

-Tom
--
Tom Eastep \ When I die, I want to go like my Grandfather who
Shoreline, \ died peacefully in his sleep. Not screaming like
Washington, USA \ all of the passengers in his car
http://shorewall.net \________________________________________________
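
Added example (not part of the original message and not Shorewall code): an idealized token-bucket model of the iptables limit match, showing how many packets the ACCEPT/DROP rule pair above would pass or drop. It assumes the iptables default --limit-burst of 5, since the rules do not set one; `police` and `steady` are hypothetical names, the traffic is constructed, and kernel timer granularity is ignored.

```python
# Idealized model of "-m limit --limit RATE/sec -j ACCEPT" followed by "-j DROP".
# Integer arithmetic only: times are microseconds, tokens are micro-tokens.
SCALE = 1_000_000  # micro-tokens per packet


def police(arrivals_us, rate=2000, burst=5):
    """Return (accepted, dropped) for sorted packet arrival times in microseconds.

    rate  models --limit (packets per second)
    burst models --limit-burst (assumed default of 5, not set in the rules above)
    """
    cap = burst * SCALE
    tokens = cap            # the bucket starts full
    last = None
    accepted = dropped = 0
    for t in arrivals_us:
        if last is not None:
            # dt_us * rate gives the refill in micro-tokens, capped at the burst
            tokens = min(cap, tokens + (t - last) * rate)
        last = t
        if tokens >= SCALE:
            tokens -= SCALE
            accepted += 1   # packet matches the limit rule: ACCEPT
        else:
            dropped += 1    # packet falls through to the DROP rule
    return accepted, dropped


def steady(pps, seconds=1):
    """Constructed traffic: evenly spaced packets at pps for the given seconds."""
    return [i * 1_000_000 // pps for i in range(pps * seconds)]


if __name__ == "__main__":
    for label, traffic in [
        ("1000 pps steady", steady(1000)),
        ("2000 pps steady", steady(2000)),
        ("4000 pps steady", steady(4000)),
        ("100 packets at one instant", [0] * 100),
    ]:
        ok, lost = police(traffic)
        print(f"{label:28s} accepted={ok:5d} dropped={lost:5d}")
```

Traffic at or below the limit passes untouched, while a back-to-back burst loses everything beyond the bucket size even though the average rate is far under 2000/sec.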