Difference between revisions of "Ratelimit"
Revision as of 16:50, 12 September 2013
Introduction
ASL 4 introduces rate limiting of TCP and UDP ports. ASL allows you to define the rate at which connections may be made to ports, as well as the maximum number of connections that can be open to a TCP port. This can be used to help mitigate SYN and UDP floods.
For TCP you can define:
- Per port, rate of connections
- Maximum concurrent connections from a single IP
For UDP you can define:
- Per port, rate of connections
Configuration
First you will need to configure the ports to protect, the rate per port, and the maximum number of concurrent connections for each protected TCP port. The engine uses two files, one for TCP ports and one for UDP ports. The files are:
/etc/asl/firewall/rate-limit-tcp
/etc/asl/firewall/rate-limit-udp
The format for the /etc/asl/firewall/rate-limit-tcp file is one line per port:
port:rate:max_concurrent_connections
Example:
80:10:100
443:10:100
The format for the /etc/asl/firewall/rate-limit-udp file is one line per port:
port:rate
Example:
53:100
2049:100
Note: UDP is connectionless, so there are no concurrent connections.
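A small validator for the two file formats described above, added here as an example and not part of ASL or this wiki: it checks that TCP lines carry three numeric fields and UDP lines two, that ports are in range, that rates and limits are positive, and that no port is listed twice, so a malformed file is caught before the engine is enabled. Treating blank lines and "#" comments as ignorable is an assumption of this example, not something ASL documents.

```python
from typing import Dict, List, Tuple

# Constructed sample file bodies: the page's examples plus a few bad
# lines to show what the checks catch. Comment and blank lines being
# ignored is an assumption of this example, not something the page states.
SAMPLE_TCP = """\
80:10:100
443:10:100
# web ports above; the lines below are deliberately wrong
22:5
70000:10:100
80:10:50
"""

SAMPLE_UDP = """\
53:100
2049:100
53:100:10
"""


def parse_rate_limit(text: str, proto: str) -> Tuple[Dict[int, Tuple[int, ...]], List[str]]:
    """Validate one rate-limit file body for proto 'tcp' or 'udp'.

    TCP lines: port:rate:max_concurrent_connections
    UDP lines: port:rate   (connectionless, so no concurrent field)
    Returns ({port: (rate, ...)}, [error messages]).
    """
    want = 3 if proto == "tcp" else 2
    rules: Dict[int, Tuple[int, ...]] = {}
    errors: List[str] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # assumed: '#' starts a comment
        if not line:
            continue
        parts = line.split(":")
        if len(parts) != want:
            errors.append(f"line {lineno}: {proto} needs {want} fields, got {len(parts)}: {line!r}")
        elif not all(p.isdigit() for p in parts):
            errors.append(f"line {lineno}: non-numeric field in {line!r}")
        elif not 1 <= int(parts[0]) <= 65535:
            errors.append(f"line {lineno}: port {parts[0]} outside 1-65535")
        elif any(int(p) < 1 for p in parts[1:]):
            errors.append(f"line {lineno}: rate and limit must be >= 1: {line!r}")
        elif int(parts[0]) in rules:
            errors.append(f"line {lineno}: duplicate entry for port {parts[0]}")
        else:
            rules[int(parts[0])] = tuple(int(p) for p in parts[1:])
    return rules, errors
```

Run it over the real files before enabling the engine and refuse to proceed if the error list is non-empty.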
Enabling
Once you have rate limiting configured, you will need to enable it. Please see this option to enable the engine:
https://www.atomicorp.com/wiki/index.php/ASL_firewall#FW_RATE_LIMIT
And then follow the instructions in this document to configure rate limiting for your system.