这个 IPTable (update, seconds, hitcount) 规则是做什么的? (debian)
What does this IPTable (update, seconds, hitcount) rule do? (debian)
-- Watch for packets
iptables -I INPUT -p udp -m state --state NEW -m recent --set
-- Drop flooders
iptables -I INPUT -p udp -m state --state NEW -m recent --update --seconds 3 --hitcount 50 -j DROP
我不太明白它是如何工作的,我只知道当一个东西在 3 秒内通过 UDP 命中超过 50 次时,它就会被丢弃。
但是,能持续多久?它是否仅限于 50 次点击?
是每个人 50 次点击还是每个 IP 50 次点击?
来自https://linux.die.net/man/8/iptables:
[!] --rcheck
Check if the source address of the packet is currently in the list.
[!] --update
Like --rcheck, except it will update the "last seen" timestamp if it matches.
[!] --remove
Check if the source address of the packet is currently in the list and if so that address will be removed from the list and the rule will return true. If the address is not found, false is returned.
[!] --seconds seconds
This option must be used in conjunction with one of --rcheck or --update. When used, this will narrow the match to only happen when the address is in the list and was seen within the last given number of seconds.
[!] --hitcount hits
This option must be used in conjunction with one of --rcheck or --update. When used, this will narrow the match to only happen when the address is in the list and packets had been received greater than or equal to the given value. This option may be used along with --seconds to create an even narrower match requiring a certain number of hits within a specific time frame.
我会说这是每个源 IP 地址,只要在过去 3 秒内来自该源 IP 地址的点击次数超过 49 次,它们就会被丢弃。
-- Watch for packets
iptables -I INPUT -p udp -m state --state NEW -m recent --set
-- Drop flooders
iptables -I INPUT -p udp -m state --state NEW -m recent --update --seconds 3 --hitcount 50 -j DROP
我不太明白它是如何工作的,我只知道当一个东西在 3 秒内通过 UDP 命中超过 50 次时,它就会被丢弃。
但是,能持续多久?它是否仅限于 50 次点击? 是每个人 50 次点击还是每个 IP 50 次点击?
来自https://linux.die.net/man/8/iptables:
[!] --rcheck
Check if the source address of the packet is currently in the list.
[!] --update
Like --rcheck, except it will update the "last seen" timestamp if it matches.
[!] --remove
Check if the source address of the packet is currently in the list and if so that address will be removed from the list and the rule will return true. If the address is not found, false is returned.
[!] --seconds seconds
This option must be used in conjunction with one of --rcheck or --update. When used, this will narrow the match to only happen when the address is in the list and was seen within the last given number of seconds.
[!] --hitcount hits
This option must be used in conjunction with one of --rcheck or --update. When used, this will narrow the match to only happen when the address is in the list and packets had been received greater than or equal to the given value. This option may be used along with --seconds to create an even narrower match requiring a certain number of hits within a specific time frame.
我会说这是每个源 IP 地址,只要在过去 3 秒内来自该源 IP 地址的点击次数超过 49 次,它们就会被丢弃。