(10-23-05) tips for iptables
http://www.netfilter.org/documentation/HOWTO//packet-filtering-HOWTO.html
- ip6tables is available for IPv6.
- Define your own chain and have a built-in chain jump to it instead of holding the rules itself:
  iptables -N in                          # create the user-defined chain "in"
  ...(more rules for chain in)            # accept/reject rules go here, before the catch-all
  iptables -A in -j DROP                  # final catch-all; nothing appended after it is ever reached
  iptables -I INPUT -i $interface -j in   # $interface: the interface whose traffic is sent through "in"
- Define a shell function that builds a chain, then use that chain as a jump target:
  function drop_log {
      iptables -N drop_log || return   # chain already exists: leave it as it is
      iptables -m limit -A drop_log --limit 1/second -j LOG --log-prefix "DROP "
      iptables -A drop_log -j DROP
  }
  drop_log
  iptables -A FORWARD -j drop_log
- Extensions to iptables: new matches. To get help on an extension, use the option that loads it (`-p', `-j' or `-m') followed by `-h' or `--help', e.g.:
  iptables -p tcp --help
- The limit module restricts the rate of matches, e.g.:
  iptables -m limit -A reject_log --limit 1/second -j LOG --log-prefix "REJECT "
Potentially, it could be used to limit speed. But I haven't found how.
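A fuller version of the drop_log function and the limit rule above, added here as an example (it is not from the original notes or the netfilter HOWTO): the chain is flushed before being rebuilt so the script can be re-run without duplicating rules, --limit-burst is set next to --limit, and the jump from the built-in chain is deleted before being re-inserted. IPT, make_log_chain, hook_chain and the interface eth0 are names chosen for this example.

```shell
#!/bin/sh
# Rate-limited logging chain, written so the script can be re-run safely.
# IPT names the iptables binary; point it at a dry-run function for testing.
IPT="${IPT:-iptables}"

# make_log_chain NAME PREFIX RATE BURST
# (Re)builds chain NAME: log matches at most RATE with a burst of BURST,
# then drop them. The chain is flushed first, so re-running never appends
# a second copy of the rules.
make_log_chain() {
    name=$1 prefix=$2 rate=$3 burst=$4
    "$IPT" -N "$name" 2>/dev/null || true   # -N fails if the chain exists
    "$IPT" -F "$name"
    # limit is a token bucket: BURST tokens, refilled at RATE. A packet that
    # finds no token simply fails this match and falls through to the DROP,
    # so the rule meters log lines, not bandwidth.
    "$IPT" -A "$name" -m limit --limit "$rate" --limit-burst "$burst" \
        -j LOG --log-prefix "$prefix "
    "$IPT" -A "$name" -j DROP
}

# hook_chain PARENT NAME [IFACE]
# Puts a jump to NAME at the top of built-in chain PARENT (optionally only
# for IFACE), deleting any identical jump first so repeated runs leave one.
hook_chain() {
    parent=$1 name=$2 iface=$3
    if [ -n "$iface" ]; then
        "$IPT" -D "$parent" -i "$iface" -j "$name" 2>/dev/null || true
        "$IPT" -I "$parent" -i "$iface" -j "$name"
    else
        "$IPT" -D "$parent" -j "$name" 2>/dev/null || true
        "$IPT" -I "$parent" -j "$name"
    fi
}

# Usage (constructed values): log at most 1 packet/second, burst 5, of
# whatever reaches the chain from eth0, then drop it.
#   make_log_chain drop_log DROP 1/second 5
#   hook_chain INPUT drop_log eth0
```

Because packets that exceed the limit fall through to the next rule rather than being queued, the limit match controls how often a rule fires (here, how many log lines are written), not how fast traffic flows.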
Yu Huang 2006-03-25