Mailing List Archive

-limit ??

I was reading the packet-filtering-HOWTO and came across this line

Furtive port scanner:
iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit
--limit 1/s -j ACCEPT

Can someone explain what the -m limit --limit 1/s bit means, please?

Thanks

RE: -limit ??
Well, if you read the HOWTO you should know - it does explain it. In fact, if
I look at it now, the paragraph just above the Furtive Port Scanner explains
all about it.

http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/packet-filtering-HOWTO.linuxdoc-7.html

and search for "-limit"

> I was reading the packet-filtering-HOWTO and came across this line
>
> Furtive port scanner:
> iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST -m limit
> --limit 1/s -j ACCEPT
>
> Can someone explain what the -m limit --limit 1/s bit means, please?

Basically it just means that this rule will only ACCEPT 1 packet per second,
with the default burst of 5.
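To make the "1 per second, burst 5" behaviour concrete, here is an added example (not from the HOWTO or from either poster) that models the rule's two matches in Python: the --tcp-flags mask/compare test and the limit match modelled as a token bucket that starts full at the burst size and refills at the configured rate. The packet timestamps are constructed sample input, and the class and function names are my own.

```python
"""Model of: iptables -A FORWARD -p tcp --tcp-flags SYN,ACK,FIN,RST RST \
             -m limit --limit 1/s -j ACCEPT          (added example)"""

SYN, ACK, FIN, RST, PSH = 0x02, 0x10, 0x01, 0x04, 0x08  # TCP flag bits

def tcp_flags_match(flags, mask=SYN | ACK | FIN | RST, comp=RST):
    """--tcp-flags MASK COMP: of the bits named in MASK, exactly the bits in
    COMP must be set.  Bits outside MASK (e.g. PSH) are not examined."""
    return (flags & mask) == comp

class LimitMatch:
    """Token-bucket model of '-m limit --limit RATE --limit-burst BURST'
    (hypothetical class; the kernel keeps equivalent state as credits)."""
    def __init__(self, rate_per_sec=1.0, burst=5):
        self.rate, self.burst = rate_per_sec, burst
        self.tokens = float(burst)   # bucket starts full: 5 packets pass at once
        self.last = None

    def matches(self, now):
        if self.last is not None:    # refill for the time elapsed, capped at burst
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:       # a token is available: the match succeeds
            self.tokens -= 1.0
            return True
        return False                 # no token: rule does not match this packet

def simulate(packets, limit=None):
    """packets: list of (timestamp_seconds, tcp_flags).  Returns one verdict per
    packet: 'ACCEPT' when the whole rule matched, else 'fall through' (the
    packet continues to the next rule in the chain).  As in netfilter, the
    limit match is only consulted when the earlier flag match succeeded."""
    limit = limit or LimitMatch()
    return ["ACCEPT" if tcp_flags_match(f) and limit.matches(t) else "fall through"
            for t, f in packets]

# Constructed sample: eight bare-RST packets at t=0, then RSTs at 1.0 s, 1.5 s,
# 2.0 s and 5.0 s, and finally a SYN that the flag test rejects outright.
SAMPLE = [(0.0, RST)] * 8 + [(1.0, RST), (1.5, RST), (2.0, RST), (5.0, RST), (5.0, SYN)]

if __name__ == "__main__":
    for (t, f), v in zip(SAMPLE, simulate(SAMPLE)):
        print(f"t={t:4.1f}s flags=0x{f:02x} -> {v}")
```

Of the eight packets arriving together, only the first five (the burst) match; afterwards one RST per second is let through, with unused time accumulating back up to the burst of five.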