similar to: How to use rate limit with marks set on packets with own queue???

Displaying 20 results from an estimated 5000 matches similar to: "How to use rate limit with marks set on packets with own queue???"

2006 Feb 08
1
Routing packages by destination port
Hello all, After many time reading a lot of stuff I am quite confident using LARTC to route my traffic. I am still working on QoS (by package type and so on) but it will stay in my studying class for a long time... ;) So let's go to my question... I mounted a router that makes my connections through 2 external interfaces. It's working fine and my default gateway for entire network behind
2002 May 02
3
CBQ and prio
HI!! I'm use CBQ script for restrict bandwidth, but I need to prioritize some traffic, how I do it? In my case, I need that all traffic from 192.168.0.100/29 (marked with iptables) have higher priority. Thanks --
2005 Sep 12
2
ip rule to block ssh attack
I've found the below rule, is it possible to use it with shorewall? I see how to setup the timing/rates but how to perform logging of such action (a separate rule?). As an additional question is it possible to dynamically add hosts to blacklist and persist this between restarts? " SSH -A PREROUTING -m tcp -p tcp -d $EXTERNAL --dport 22 -m recent --rcheck --hitcount 3 --seconds 600 -j
2012 Jun 11
1
iptables: hitcount
Hello, up to CentOS 5.3 it was possible, to control new ip connections by "recent", "seconds" and "hitcount" -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80 -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 80 -j LOG --log-prefix "FW DROP IP Flood: " -A INPUT -p tcp -m tcp --dport 80 -m state
2005 Nov 15
3
can I use tos and fwmark at the same time?
Hello lartc maintainers and users! I have a router with two NICs. One NIC is connected to the Internet and the other to my internal LAN. I made a script for prioritizing interactive traffic. The script matches TOS Minimize-Delay for prioritizing interactive traffic, and fwmark for metropolitan packets. I have two root classes (simulating two circuits) : 1:1 for internet and 1:3 for metropolitan.
2011 Jan 27
2
centos 5.5: iptables: module recent
Hello, I have well performing iptables in centos 5.2 and 5.3 : -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 25 -j LOG --log-prefix "FW DROP IP Flood: " Centos 5.5, updated today: Without -hitcount : iptables accept the line Including -hitcount : iptables brings an error message: Applying iptables firewall rules: iptables-restore:
2012 Feb 28
0
[Bug 772] New: Rate Limiting
http://bugzilla.netfilter.org/show_bug.cgi?id=772 Summary: Rate Limiting Product: iptables Version: unspecified Platform: All OS/Version: All Status: NEW Severity: blocker Priority: P5 Component: unknown AssignedTo: netfilter-buglog at lists.netfilter.org ReportedBy: AsadMoeen at
2002 Jan 09
0
Re: iptables mark & iproute]
hi all At last i got success !.. but am confused y it didn't work earlier..the difference today was that i reinstalled RH7.2 & compiled kernel 2.4.16(not 17).. rest was same..... & the bandwidth too is under control!.. is it normal for to get more than said bandwidth--i mean i restricted a network with 8Kbit(with same script as below) but still was able to get a download(ftp) of
2006 Apr 11
0
[Bug 469] New: recent match doesn't triger with --hitcount > 20
https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=469 Summary: recent match doesn't triger with --hitcount > 20 Product: netfilter/iptables Version: linux-2.6.x Platform: i386 OS/Version: other Status: NEW Severity: normal Priority: P2 Component: ip_tables (kernel) AssignedTo:
2005 May 04
4
HTB rate miscalculation
Hi, I've migrated my tc configuration from CBQ to HTB. One problem appeared. Htb seems to miscalculate the bandwidth for classes with greater rates. For rates below 2Mbit there is almost no difference between the configured and the measured rate. For large ones the problem starts. My root class has 10Mbit rate and when the interface has heavy traffic the measured bandwidth
2004 Dec 20
0
routing problems using packet marking
Hi guys, i was trying to implement a redirection of my smtp traffic using netfilter and iproute with packet marking, just like is explained in lartc documentation... I will try to explain my configuration below: there are two computers with fedora 2, kernel 2.6.9, iproute2-ss020116 and iptables v1.2.1. Computers names are pc1 and pc2, the network is 192.168.192.0... the pc1 is the one in charge to
2009 Dec 22
2
IPTABLES --hitcount maximum value
Is the maximum permitted value for --hitcount documented anywhere? I reliably get a iptables-restore error when I specify a hitcount value greater than 20 but I cannot find any mention of there being a maximum value. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited
2019 Oct 09
2
[Bug 1370] New: iptables-restore-translate
https://bugzilla.netfilter.org/show_bug.cgi?id=1370 Bug ID: 1370 Summary: iptables-restore-translate Product: nftables Version: unspecified Hardware: x86_64 OS: All Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter:
2009 Aug 16
1
to filter dos ip using iptables recent
Hello, all. I read this document about iptables recent module. http://blog.andrew.net.au/2005/02/16#ipt_recent_and_ssh_attacks and I would like to filter the excessive spam mail sending ip address by iptables recent module. and some questions. iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SPAM iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m
2013 Mar 07
1
Fwd: mistake on Securing SSH
This was sent to me regarding the wiki. ---------- Forwarded message ---------- From: "Martin Kon??ek" <mkonicek12 at gmail.com> Date: Mar 7, 2013 4:44 AM Subject: mistake on Securing SSH To: <timothy.ty.lee at gmail.com> Cc: Hi Timothy, I saw wiki http://wiki.centos.org/HowTos/Network/SecuringSSH and it is pretty good, but there is a mistake. *Instead of having* iptables
2008 Aug 19
4
Simple IPTABLES Question
I added these rules to IPTABLES to slow brute force attacks. iptables -A INPUT -p tcp --dport 22 -s my_subnet/24 -j ACCEPT iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --set --name SSH iptables -A INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 5 --rttl --name SSH -j DROP I would like log entries when connections are dropped to see
2004 Sep 17
4
Guaranteed rate per class and maximum ceiling per element in class???
Hi all, It is my understanding that with HTB, the rate and the ceiling are divided over the elements of the class. E.g. using a rate of 100 kb and a ceiling of 2000 kb for a class with 10 elements on a 100Mb NIC, the effect of the ceiling will be that if all elements are generating their maximum possible traffic they will be effectively limited to ~ ceiling / number of elements, in this case
2004 May 24
2
routing with multiple uplinks problem
Hello all, I'm writing to the list, because I have a problem setting up my routing that I'm unable to overcome. 1. The situation: +-------------+ +-------------+ | actaea | eth0 | ilex | | 192.168.1.4 |------ localnet ------| 192.168.1.1 | +-------------+ 192.168.1.0/24 +-------------+
2015 Feb 19
0
Masquerading (packet forwarding) on CentOS 7
On 19.02.2015 11:58, Niki Kovacs wrote: > Hi, > > I just migrated my office's server from Slackware64 14.1 to CentOS 7. So > far everything's running fine, I just have a few minor details to work out. > > I removed the firewalld package and replaced it by a simple Iptables > script: > > > --8<---------------------------------------------------- >
2006 Apr 03
0
QoS Solution for an ISP - Need help on my build tryout
Hello all, I am doing many tries on put a QoS Solution to work at my ISP/WISP. I have this network topology: router <> eth0.srv <> eth1.srv <> clients I just want to make that ALL http, mail, ssh and icmp traffic have preference in any instance. So, what I tried to do was this: My link has 3096 Kbps upload and 3096 Kbps download (it is a ppp from a telecom) I