172
edits
Changes
no edit summary
tc filter add dev $DEV parent 1: protocol ip prio 20 u32 match u32 1 0x0000 police rate 2kbit buffer 10k drop flowid :1
</pre>
== Limiting packages per second rate from VE ==
To prevent dos atacks from the VE you can limit packages per second rate using iptables.
<pre>
DEV=eth0
iptables -I FORWARD 1 -o $DEV -s X.X.X.X -m limit --limit 200/sec -j ACCEPT
iptables -I FORWARD 2 -o $DEV -s X.X.X.X -j DROP
</pre>
X.X.X.X is an IP address of VE
== External links ==