How to rate limit incoming traffic into a server so only x/min visitors can enter

by re213   Last Updated May 15, 2019 16:00 PM

I am trying to rate limit the incoming traffic to my servers. I figured using iptables (on CentOS) would be the best choice. I have been looking around and discovered a few solutions:

sudo iptables --flush  # start again
sudo iptables --new-chain RATE-LIMIT
sudo iptables --append RATE-LIMIT \
    --match hashlimit \
    --hashlimit-upto 3/minute \
    --hashlimit-burst 5 \
    --hashlimit-name conn_rate_limit \
    --jump ACCEPT
sudo iptables --append RATE-LIMIT --jump DROP

This does not work, but I want it to, as it seems like a better option than the block below (which worked, but which I feel has less flexibility):

# record the source address of every new connection to port 80
iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
# drop the source once it has opened 10 or more new connections within 60 seconds
iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

Please help me understand what I am doing wrong in the first block. Also, how can I apply this to IPv6? Simply by using ip6tables?
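The following is an added worked example, not the asker's ruleset and not an answer posted on the page. Two things are visible in the first block: the RATE-LIMIT chain is created and filled, but no rule in INPUT ever jumps to it, so it never sees a packet; and hashlimit is used without --hashlimit-mode, in which case it keeps a single global token bucket rather than one per visitor, so every source together would be limited to 3/minute. The script below builds the same hashlimit chain per source address and hooks it into INPUT for new TCP connections, and applies the identical rules through ip6tables (the hashlimit options are the same for both families). The chain name, interface eth0, port 80, the 3/minute rate, burst 5 and the table names http_v4/http_v6 are assumed values; DRY_RUN=1 (the default) prints the commands instead of running them, so it can be reviewed without root.

```shell
#!/bin/sh
# Added example (not the asker's code): per-source connection rate limiting
# with hashlimit, hooked into INPUT for both IPv4 and IPv6. All names, ports
# and rates are assumptions chosen for illustration.
# DRY_RUN=1 (default) prints the commands; DRY_RUN=0 executes them (needs root).

: "${DRY_RUN:=1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# rate_limit_rules TOOL IFACE PORT RATE BURST SRCMASK
#   TOOL     iptables or ip6tables
#   SRCMASK  number of source-address bits that form one bucket:
#            32 = one bucket per IPv4 host, 64 = one bucket per IPv6 /64
#            (clients usually control a whole /64, so a per-/128 limit is
#            trivially dodged by rotating addresses)
rate_limit_rules() {
    tool=$1; iface=$2; port=$3; rate=$4; burst=$5; srcmask=$6
    chain=RATE-LIMIT
    # hashlimit table names are limited to 15 characters; keep them distinct
    # per family so the two tables are easy to find under /proc/net.
    case $tool in
        ip6tables) name=http_v6 ;;
        *)         name=http_v4 ;;
    esac

    # -F on the filter table does not delete user chains, so -N fails on a
    # re-run; ignore that and flush the chain so we always start empty.
    run "$tool" -N "$chain" 2>/dev/null || true
    run "$tool" -F "$chain"

    # --hashlimit-mode srcip: one token bucket per source (grouped by SRCMASK).
    # Without it hashlimit keeps a single bucket shared by every visitor.
    run "$tool" -A "$chain" -m hashlimit \
        --hashlimit-mode srcip --hashlimit-srcmask "$srcmask" \
        --hashlimit-upto "$rate" --hashlimit-burst "$burst" \
        --hashlimit-name "$name" -j ACCEPT
    run "$tool" -A "$chain" -j DROP

    # The step the original chain was missing: send traffic to it from INPUT.
    # Only NEW connections are routed through the chain, so the rate counts
    # connection attempts per source, not every packet of an open session.
    # Inserted at position 1 so an earlier blanket ACCEPT cannot bypass it.
    run "$tool" -I INPUT 1 -i "$iface" -p tcp --dport "$port" \
        -m conntrack --ctstate NEW -j "$chain"
}

# IPv4: one bucket per host. IPv6: one bucket per /64.
rate_limit_rules iptables  eth0 80 3/minute 5 32
rate_limit_rules ip6tables eth0 80 3/minute 5 64
```

Run it once with DRY_RUN=1 and compare the printed commands against the existing INPUT chain before applying with DRY_RUN=0; an ACCEPT for ESTABLISHED,RELATED traffic placed before the jump is fine, since that rule never matches NEW connections, but any unconditional ACCEPT for port 80 ahead of it would defeat the limit. Rules added this way are not persistent; on CentOS save them with the distribution's iptables-services/ip6tables-services or firewalld equivalent.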


