Rate control with IPtables in Redhat 9
Alexey Fadyushin
fab at s-tunnel.com
Thu Sep 30 17:12:09 UTC 2004
You can use the 'limit' match module of iptables to control the rate of
packets (no. of packets per time period). If you use this match module with
the ACCEPT (MASQUERADE, etc) target, only the specified number of packets per
time period will be ACCEPTed (MASQUERADEd, etc). Packets above the limit
will be passed to the next rule (e.g. one with the DROP target).
However, the better solution to rate limiting and network bandwidth
allocation is the 'tc' program, which is part of the iproute
RPM. Examples of its use can be found in
/usr/share/doc/iproute-<version>.
Alexey Fadyushin.
Brainbench MVP for Linux
http://www.brainbench.com
menonrr at jmu.edu wrote:
> 10/26
>
> Hello,
>
> I am fairly new to Linux world.
>
> Please help me to implement connection rate (ex. 5
> outgoing/minute) and packet size control in my iptables on my
> redhat 9 gateway. My iptables just forwards internet
> connections from internal hosts by masquerading.
>
> 1) I would like to design my test network such that only 10
> outgoing connections are allowed at any time. Please advise me
> on a good rate, i.e. no. of connections per time period. The
> network will and must have minimum usage. It has no production
> value.
>
> 2) Also what would be a good packet size for control?
>
> Thank You.
> Menon
>
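
The rule ordering described in the reply above (a limited ACCEPT followed by a DROP that catches the overflow), written out as an added example that is not part of the original post. It goes beyond the reply by pairing 'limit' with the 'state' match so that only connection-opening packets are counted; the interface names eth1 (internal) and eth0 (Internet side) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints iptables commands for review; it applies nothing.
# Assumed names: eth1 = internal interface, eth0 = Internet-facing interface.

# valid_rate RATE: succeeds if RATE has the form N/second|minute|hour|day
valid_rate() {
    case "$1" in
        [1-9]*/second|[1-9]*/minute|[1-9]*/hour|[1-9]*/day)
            num=${1%%/*}
            case "$num" in *[!0-9]*) return 1 ;; esac
            return 0 ;;
    esac
    return 1
}

# gen_rules LAN_IF WAN_IF RATE BURST: print the rules in evaluation order
gen_rules() {
    lan=$1 wan=$2 rate=$3 burst=$4
    valid_rate "$rate" || { echo "bad rate: $rate" >&2; return 1; }
    case "$burst" in
        ''|*[!0-9]*|0) echo "bad burst: $burst" >&2; return 1 ;;
    esac

    # 1. Packets of connections already tracked skip the limiter, so only
    #    connection-opening packets spend tokens in rule 2.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # 2. New outgoing connections are accepted while the bucket has tokens.
    #    --limit-burst is the bucket size; --limit is the refill rate
    #    (5/minute refills one token every 12 seconds). The bucket belongs
    #    to the rule, so all internal hosts share it.
    echo "iptables -A FORWARD -i $lan -o $wan -m state --state NEW -m limit --limit $rate --limit-burst $burst -j ACCEPT"

    # 3. When the bucket is empty, rule 2 does not match and the packet
    #    falls through to this DROP.
    echo "iptables -A FORWARD -i $lan -o $wan -m state --state NEW -j DROP"

    # 4. Masquerade whatever was allowed out.
    echo "iptables -t nat -A POSTROUTING -o $wan -j MASQUERADE"
}

# Print the rule set for 5 new connections per minute with a burst of 5.
gen_rules eth1 eth0 5/minute 5
```

To apply the printed rules after reviewing them, pipe the output to `sh` as root on the gateway.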