Changes

Traffic shaping with tc

18 bytes added, 05:23, 25 December 2007

m

→‎Limiting packets per second rate from VE: use source tag

== Limiting packets per second rate from VE ==

To prevent dos atacks from the VE you can limit packets per second rate using iptables.

<~~pre~~source lang="bash">

DEV=eth0

iptables -I FORWARD 1 -o $DEV -s X.X.X.X -m limit --limit 200/sec -j ACCEPT

iptables -I FORWARD 2 -o $DEV -s X.X.X.X -j DROP

</~~pre~~source>

Here <code>X.X.X.X</code> is an IP address of VE

6,534

edits