I have the following rules:
iptables -I FORWARD -p udp -d {IPDST} --dport {PORTDST} -m u32 --u32 '0>>22& 0x3C@8 =0xFFFFFFFF' -j SRCDS-TRF iptables -I SRCDS-TRF -p udp -d {IPDST} --dport {PORTDST} -m u32 --u32 '0>>22& 0x3C@10 &0xFFFF=0x5453' -m limit --limit 45/second --limit-burst 150 -j ACCEPT iptables -I SRCDS-TRF -p udp -d {IPDST} --dport {PORTDST} -m u32 --u32 '0>>22& 0x3C@9 &0xFF=0x55' -m limit --limit 3/second --limit-burst 20 -j ACCEPT iptables -I SRCDS-TRF -p udp -d {IPDST} --dport {PORTDST} -m u32 --u32 '0>>22& 0x3C@9 &0xFF=0x56' -m limit --limit 3/second --limit-burst 15 -j ACCEPT iptables -I SRCDS-TRF -p udp -d {IPDST} --dport {PORTDST} --sport 27005 -m u32 --u32 '0>>22& 0x3C@9 &0xFF=0x71' -m limit --limit 20/second --limit-burst 70 -j ACCEPT iptables -I SRCDS-TRF -p udp -d {IPDST} --dport {PORTDST} ! --sport 27005 -m u32 --u32 '0>>22& 0x3C@9 &0xFF=0x71' -m limit --limit 2/second --limit-burst 17 -j ACCEPT iptables -I SRCDS-TRF -p udp -d {IPDST} --dport {PORTDST} --sport 27005 -m u32 --u32 '0>>22& 0x3C@9 &0xFF=0x6b' -m limit --limit 20/second --limit-burst 70 -j ACCEPT iptables -I SRCDS-TRF -p udp -d {IPDST} --dport {PORTDST} ! --sport 27005 -m u32 --u32 '0>>22& 0x3C@9 &0xFF=0x6b' -m limit --limit 2/second --limit-burst 17 -j ACCEPT
This works, however I need to create many of these rules for each IP and port. If I do not provide an IP address and port assignment, it acts as the limit of the packet as a whole, and not by IP, this causes problems when one application receives a surge in traffic and the rest receive also a speed limit.
Is there an easier way to create only one set of rules instead of potential hundreds?
rate-limiting iptables
user1372896
source share