iptables and bind

Jason Bratton jbratton at rackspace.com
Tue Aug 19 22:40:13 UTC 2008


Steven Stromer wrote:
> I want to rate limit queries to mitigate threat of Polyakov-styled  
> attack, but I can't find anything on iptables rate limiting based on  
> bits, bytes, or Mb / time (as opposed to packets/time). I looked  

Not to sound like I'm advocating this approach, because I'm not, but you 
would want to check out the limit and recent modules.  If you have them 
loaded or compiled in, just run iptables -m limit --help and iptables -m 
recent --help.  You probably want recent since it will let you do this 
per IP.

-- Jason
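
Added example, not part of the original message: one way to apply the recent module mentioned above, written as a shell function that prints an iptables-restore fragment limiting inbound UDP DNS queries per source IP. The chain name DNS_LIMIT, the list name dnsq and the default thresholds are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: per-source-IP rate limiting of DNS queries with -m recent.
# DNS_LIMIT, dnsq and the thresholds are illustrative assumptions.

# xt_recent remembers at most ip_pkt_list_tot packets per address (module
# default: 20). A --hitcount above that value is rejected when the rule loads.
PKT_LIST_TOT=20

# dns_ratelimit_rules SECONDS HITCOUNT
# Prints an iptables-restore fragment on stdout; returns 1 on bad thresholds.
dns_ratelimit_rules() {
    seconds=$1
    hitcount=$2
    for n in "$seconds" "$hitcount"; do
        case "$n" in
            ''|*[!0-9]*|0)
                echo "thresholds must be positive integers" >&2
                return 1 ;;
        esac
    done
    if [ "$hitcount" -gt "$PKT_LIST_TOT" ]; then
        echo "hitcount $hitcount exceeds ip_pkt_list_tot ($PKT_LIST_TOT)" >&2
        return 1
    fi
    # Rule order inside DNS_LIMIT:
    #  1. --update: if this source already has HITCOUNT entries within SECONDS,
    #     drop the packet and refresh its timestamp, so a source that keeps
    #     sending stays limited until it slows down.
    #  2. --set: otherwise record the packet against the source address.
    #  3. RETURN to INPUT so the normal accept/drop policy still applies.
    cat <<EOF
*filter
:DNS_LIMIT - [0:0]
-A INPUT -p udp --dport 53 -j DNS_LIMIT
-A DNS_LIMIT -m recent --name dnsq --update --seconds $seconds --hitcount $hitcount -j DROP
-A DNS_LIMIT -m recent --name dnsq --set
-A DNS_LIMIT -j RETURN
COMMIT
EOF
}

# Stand-alone run: print the fragment (default: 10 queries per second per IP).
dns_ratelimit_rules "${1:-1}" "${2:-10}"
```

Pipe the output through iptables-restore --noflush --test to check it before loading it for real. Because UDP source addresses can be forged, a per-IP list like this limits only the traffic that arrives under a given address.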





More information about the bind-users mailing list