Rate control with IPtables in Redhat 9

Alexey Fadyushin fab at s-tunnel.com
Thu Sep 30 17:12:09 UTC 2004


You can use 'limit' match module of iptables to control rate of packets 
(no. of packets per time period). If you use this match module with the 
ACCEPT (MASQUERADE, etc) target only the specified number of packets per 
time period will be ACCEPTed (MASQUERADEd, etc). Packets above the limit 
will be passed to the next rule (e.g. one with the DROP target).

However, the better solution to rate limiting and network bandwidth 
allocation is via the use of 'tc' program which is a part of iproute 
RPM. The examples of its use can be found in
/usr/share/doc/iproute-<version>.

Alexey Fadyushin.
Brainbench MVP for Linux
http://www.brainbench.com

menonrr at jmu.edu wrote:

> 10/26
> 
> Hello,
> 
> I am fairly new to Linux world.
> 
> Please help me to implement connection rate (ex. 5
> outgoing/minute) and packet size control in my iptables on my
> redhat 9 gateway. My iptables just forwards internet
> connections from internal hosts by masquerading.
> 
> 1) I would like to design my test network such that only 10
> outgoing connections are allowed at any time. Please advise me
> on a good rate i.e no: of connection per time period. The
> network will and must have minimum usage. It has no production
> value.
> 
> 2) Also what would be a good packet size for control?
> 
> Thank You.
> Menon
> 
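
The fall-through behaviour described in the reply above, as an added example that is not part of the original thread: a simplified Python model of the 'limit' match as a token bucket, showing which new connections hit the ACCEPT rule and which fall through to DROP. The 5/minute rate, the burst of 5, the rule pair in the comments and the arrival times are assumptions chosen for illustration.

```python
# Simplified integer-credit model of the iptables 'limit' match (token bucket).
# Rule pair being modelled (rate and burst are assumed example values):
#   iptables -A FORWARD -m state --state NEW \
#            -m limit --limit 5/minute --limit-burst 5 -j ACCEPT
#   iptables -A FORWARD -m state --state NEW -j DROP


class LimitMatch:
    COST = 60  # credits one packet costs; one second earns `per_minute` credits

    def __init__(self, per_minute, burst):
        self.rate = per_minute
        self.cap = burst * self.COST   # bucket never holds more than the burst
        self.credit = self.cap         # bucket starts full
        self.last = 0

    def matches(self, now):
        """Return True if a packet arriving at second `now` matches the rule."""
        earned = (now - self.last) * self.rate
        self.credit = min(self.cap, self.credit + earned)
        self.last = now
        if self.credit >= self.COST:
            self.credit -= self.COST
            return True
        return False   # over the limit: packet is passed to the next rule


def run_chain(arrivals, per_minute=5, burst=5):
    """Walk each arrival through the two rules; return (time, verdict) pairs."""
    limit = LimitMatch(per_minute, burst)
    return [(t, "ACCEPT" if limit.matches(t) else "DROP") for t in arrivals]


# Constructed sample: arrival times (seconds) of NEW connections.
ARRIVALS = [0, 1, 2, 3, 4, 5, 6, 12, 13, 24, 60]

if __name__ == "__main__":
    for t, verdict in run_chain(ARRIVALS):
        print(f"t={t:>3}s  {verdict}")
```

The first five connections are accepted from the initial burst; after that one more is accepted only every 12 seconds, and everything in between reaches the DROP rule.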



