[oclug] An iptables question
wisq-oclug at wisq.net
Mon Apr 4 10:32:58 EDT 2005
On Mon, Apr 04, 2005 at 10:19:57AM -0400, Tony Wang wrote:
> iptables -A INPUT -p icmp --icmp-type echo-reply -m limit --limit \
> 3/minute --limit-burst 5 -j DROP
> my understanding is this is ping reply throttling control, drop if
> ping-reply coming faster than 3/minute,
No, this is actually 'drop three ping replies per minute'. To get the
desired behaviour, you must make an ACCEPT limited to 3/minute, then a
DROP following it, both for echo-reply.
> how about the --limit-burst 5?
IIRC, think of the burst like a refillable queue. It starts at 5. The
rule automatically applies to the first five packets, and then refills
at a rate of 3 per minute.
> It is supposed to be related to the leaky bucket model, but I can't
> figure out how.
Not familiar with the model, so I can't comment.
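To make the refill behaviour concrete, here is an added simulation (written for this page, not code from the thread or from iptables itself) that models `-m limit --limit 3/minute --limit-burst 5` as the token bucket the iptables man page describes: the bucket starts full with 5 tokens, refills at 3 tokens per minute, never exceeds 5, and a packet matches the rule only when a whole token is available to consume. It then evaluates two rule orders over a constructed arrival pattern of echo-replies: the original `limit -> DROP` pair with the chain's default ACCEPT policy, and the corrected order from the reply above (`limit -> ACCEPT`, followed by an unconditional DROP). The arrival timestamps and the assumption that the kernel's credit accounting behaves exactly like this idealised bucket are mine; the real implementation works at jiffy granularity, so edge timings can differ slightly.

```python
"""Token-bucket model of the iptables 'limit' match, used to compare rule orders.

Corrected rules, as suggested in the reply (shell, not run here):
  iptables -A INPUT -p icmp --icmp-type echo-reply \
      -m limit --limit 3/minute --limit-burst 5 -j ACCEPT
  iptables -A INPUT -p icmp --icmp-type echo-reply -j DROP
"""
from fractions import Fraction
from typing import Callable, List, Optional, Tuple

# A rule is (matcher, target); matcher None means "match every packet".
Rule = Tuple[Optional[Callable[[Fraction], bool]], str]


class LimitMatch:
    """Idealised token bucket for '-m limit --limit R/minute --limit-burst B'.

    The bucket starts full (B tokens), refills at R tokens per minute and is
    capped at B. A packet matches only if a whole token is available, and
    matching consumes that token. Fractions keep the arithmetic exact.
    """

    def __init__(self, per_minute: int, burst: int) -> None:
        self.rate = Fraction(per_minute, 60)  # tokens per second
        self.burst = burst
        self.tokens = Fraction(burst)         # bucket starts full
        self.last = Fraction(0)               # time of previous evaluation

    def __call__(self, now: Fraction) -> bool:
        refill = (now - self.last) * self.rate
        self.tokens = min(Fraction(self.burst), self.tokens + refill)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False


def run_chain(rules: List[Rule], policy: str, arrivals: List[int]) -> List[str]:
    """First matching rule decides the verdict; otherwise the chain policy applies."""
    verdicts = []
    for t in arrivals:
        verdict = policy
        for match, target in rules:
            if match is None or match(Fraction(t)):
                verdict = target
                break
        verdicts.append(verdict)
    return verdicts


def original_chain() -> List[Rule]:
    """The rule from the question: limited DROP, default policy ACCEPT."""
    return [(LimitMatch(3, 5), "DROP")]


def corrected_chain() -> List[Rule]:
    """The reply's fix: limited ACCEPT, then an unconditional DROP."""
    return [(LimitMatch(3, 5), "ACCEPT"), (None, "DROP")]


# Constructed arrival times (seconds) of echo-replies: a burst of eight, one
# per second, then three more spaced 20 s apart (exactly one token each at
# 3/minute).
ARRIVALS = [0, 1, 2, 3, 4, 5, 6, 7, 27, 47, 67]


def simulate(rules: List[Rule], policy: str = "ACCEPT") -> List[str]:
    """Evaluate a fresh rule list over the constructed arrivals."""
    return run_chain(rules, policy, ARRIVALS)


if __name__ == "__main__":
    for name, chain in (("original", original_chain()), ("corrected", corrected_chain())):
        print(f"{name:>9}:", " ".join(v[0] for v in simulate(chain)))
```

With the original order, the first five replies hit the burst and are dropped, the next three slip through because the bucket is empty, and thereafter one reply every 20 seconds is dropped: three drops per minute, as the reply says. With the corrected order the same match pattern now means five accepted, three dropped, then one accepted per 20 seconds, which is the throttling the questioner wanted.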