X-Git-Url: http://git.onelab.eu/?p=iproute2.git;a=blobdiff_plain;f=examples%2FSYN-DoS.rate.limit;fp=examples%2FSYN-DoS.rate.limit;h=0000000000000000000000000000000000000000;hp=8766b679ce36d1868c19d54963181c5c7fa30acf;hb=3331a68859fd71047bb1f309048960b48eab2d83;hpb=2bd4a72f2100be7ad7d9518cb1d49bb2a5b71994 diff --git a/examples/SYN-DoS.rate.limit b/examples/SYN-DoS.rate.limit deleted file mode 100644 index 8766b67..0000000 --- a/examples/SYN-DoS.rate.limit +++ /dev/null @@ -1,49 +0,0 @@ -#! /bin/sh -x -# -# sample script on using the ingress capabilities -# this script shows how one can rate limit incoming SYNs -# Useful for TCP-SYN attack protection. You can use -# IPchains to have more powerful additions to the SYN (eg -# in addition the subnet) -# -#path to various utilities; -#change to reflect yours. -# -IPROUTE=/root/DS-6-beta/iproute2-990530-dsing -TC=$IPROUTE/tc/tc -IP=$IPROUTE/ip/ip -IPCHAINS=/root/DS-6-beta/ipchains-1.3.9/ipchains -INDEV=eth2 -# -# tag all incoming SYN packets through $INDEV as mark value 1 -############################################################ -$IPCHAINS -A input -i $INDEV -y -m 1 -############################################################ -# -# install the ingress qdisc on the ingress interface -############################################################ -$TC qdisc add dev $INDEV handle ffff: ingress -############################################################ - -# -# -# SYN packets are 40 bytes (320 bits) so three SYNs equals -# 960 bits (approximately 1kbit); so we rate limit below -# the incoming SYNs to 3/sec (not very sueful really; but -#serves to show the point - JHS -############################################################ -$TC filter add dev $INDEV parent ffff: protocol ip prio 50 handle 1 fw \ -police rate 1kbit burst 40 mtu 9k drop flowid :1 -############################################################ - - -# -echo "---- qdisc parameters Ingress ----------" -$TC qdisc ls dev $INDEV -echo "---- Class parameters Ingress ----------" -$TC class ls dev $INDEV -echo "---- filter parameters Ingress ----------" -$TC filter ls dev $INDEV parent ffff: - -#deleting the ingress qdisc -#$TC qdisc del $INDEV ingress