snipt

Ctrl+h for KB shortcuts

Bash

limit rate pings with iptables

1
2
3
4
5
6
7
8
9
iptables -A INPUT -p icmp -m limit --limit 39.6/m --limit-burst 1 -j DROP


# it will cause 2 out of 3 icmp replies to fail when executing a ping like
# ping -c 3 -i 1 -w 3 10.10.10.10
#
# we needed 1 out of 3 successful ping replies in, so that's 2/3 ~= 0.67 replies per second
# since we cannot use less than 0 values, we up the scale to the minute, so
# 0.67 * 60 = 39.6 replies in 1 minute :-)
https://snipt.net/embed/9f17c1e2f73f64ee02c4175a94e38a6a/
/raw/9f17c1e2f73f64ee02c4175a94e38a6a/
9f17c1e2f73f64ee02c4175a94e38a6a
bash
Bash
9
2019-06-17T08:48:29
True
False
False
/api/public/snipt/12336/
limit-rate-pings-with-iptables
<table class="highlighttable"><tr><td class="linenos"><div class="linenodiv"><pre><a href="#L-1">1</a> <a href="#L-2">2</a> <a href="#L-3">3</a> <a href="#L-4">4</a> <a href="#L-5">5</a> <a href="#L-6">6</a> <a href="#L-7">7</a> <a href="#L-8">8</a> <a href="#L-9">9</a></pre></div></td><td class="code"><div class="highlight"><pre><span></span><span id="L-1"><a name="L-1"></a>iptables -A INPUT -p icmp -m limit --limit 39.6/m --limit-burst <span class="m">1</span> -j DROP </span><span id="L-2"><a name="L-2"></a> </span><span id="L-3"><a name="L-3"></a> </span><span id="L-4"><a name="L-4"></a><span class="c1"># it will cause 2 out of 3 icmp replies to fail when executing a ping like</span> </span><span id="L-5"><a name="L-5"></a><span class="c1"># ping -c 3 -i 1 -w 3 10.10.10.10</span> </span><span id="L-6"><a name="L-6"></a><span class="c1">#</span> </span><span id="L-7"><a name="L-7"></a><span class="c1"># we needed 1 out of 3 successful ping replies in, so that&#39;s 2/3 ~= 0.67 replies per second</span> </span><span id="L-8"><a name="L-8"></a><span class="c1"># since we cannot use less than 0 values, we up the scale to the minute, so</span> </span><span id="L-9"><a name="L-9"></a><span class="c1"># 0.67 * 60 = 39.6 replies in 1 minute :-)</span> </span></pre></div> </td></tr></table>
"access list", "limit rate", bash, burst, icmp, iptables, ping