Question : How to limit number of routes per ip

I have a Linux firewall box, and sometimes I find many "dst cache overflow" messages. There are some ways to overcome this, e.g. increase /proc/sys/net/ipv4/route/max_size or set secret_interval to a lower value. However, these do not solve the root cause of the problem. I found the root cause is that some users connect to very many destinations in a short period (maybe BT, viruses, etc.). I can list the routes with "route -Cn".

I want to know whether there is any means to limit the number of routes per IP. Solutions, comments, ideas and directions are welcome.

Answer : How to limit number of routes per ip

You are correct: each ICMP ping is a NEW packet, and if you think about it, it should be. Each ping is a separate echo request (different ICMP id) and as such a different "connection".

You have it explained for ICMP in:
http://www.linuxtopia.org/Linux_Firewall_iptables/x1571.html

Or the main page for all protocols, chapter 7 of this guide:
http://www.linuxtopia.org/Linux_Firewall_iptables/index.html

You can divide the rate limit between different protocols with these rules:

# PREROUTING only exists in the raw, mangle and nat tables (not in filter), so
# each command needs -t mangle; the custom chains are created in the same table.
# xt_recent remembers ip_pkt_list_tot packets per address (default 20), so
# --hitcount 60 requires loading the module with a larger value, e.g.
# modprobe xt_recent ip_pkt_list_tot=100
iptables -t mangle -N RATELIMIT
iptables -t mangle -N RATELIMITICMP
iptables -t mangle -N RATELIMITOTHER
iptables -t mangle -A PREROUTING -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t mangle -A PREROUTING -p tcp -m state --state NEW -j RATELIMIT
iptables -t mangle -A PREROUTING -p udp -m state --state NEW -j RATELIMIT
iptables -t mangle -A PREROUTING -p icmp -m state --state NEW -j RATELIMITICMP
iptables -t mangle -A PREROUTING -m state --state NEW -j RATELIMITOTHER
# record the source address, then drop it once it exceeds the hit count in the window
iptables -t mangle -A RATELIMIT -m recent --set --name RateLimit
iptables -t mangle -A RATELIMIT -m recent --update --seconds 100 --hitcount 20 --name RateLimit -j DROP
iptables -t mangle -A RATELIMITICMP -m recent --set --name RateLimitIcmp
iptables -t mangle -A RATELIMITICMP -m recent --update --seconds 120 --hitcount 60 --name RateLimitIcmp -j DROP
iptables -t mangle -A RATELIMITOTHER -m recent --set --name RateLimitOther
iptables -t mangle -A RATELIMITOTHER -m recent --update --seconds 100 --hitcount 10 --name RateLimitOther -j DROP
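As an added example (not part of the original post or the answer above), the following shell function counts distinct destinations per source address in "route -Cn" output, so the hosts that are filling the route cache can be identified before a rate limit is applied to them. It assumes the net-tools column layout shown in the constructed sample below and a kernel that still has the IPv4 route cache.

```shell
#!/bin/sh
# Report source addresses that have at least LIMIT distinct destinations in
# the kernel route cache.  Usage: route -Cn | count_dst_per_src 500
count_dst_per_src() {
    # $1 = threshold; stdin = output of `route -Cn`
    awk -v limit="$1" '
        # keep only data rows: first two columns are dotted-quad addresses
        $1 ~ /^[0-9.]+$/ && $2 ~ /^[0-9.]+$/ {
            key = $1 SUBSEP $2          # (source, destination) pair
            if (!(key in seen)) {       # count each destination once per source
                seen[key] = 1
                n[$1]++
            }
        }
        END { for (s in n) if (n[s] >= limit) print s, n[s] }
    ' | sort -k2,2nr                    # busiest sources first
}

# Constructed sample of `route -Cn` output (not captured from a real box):
# 192.168.1.10 has 3 distinct destinations, 192.168.1.20 has 2.
SAMPLE='Kernel IP routing cache
Source          Destination     Gateway         Flags Metric Ref    Use Iface
192.168.1.10    10.0.0.5        192.168.1.1           0      0        1 eth0
192.168.1.10    10.0.0.6        192.168.1.1           0      0        1 eth0
192.168.1.10    10.0.0.6        192.168.1.1           0      0        2 eth0
192.168.1.10    10.0.0.7        192.168.1.1           0      0        1 eth0
192.168.1.20    10.0.0.5        192.168.1.1           0      0        1 eth0
192.168.1.20    10.0.0.8        192.168.1.1           0      0        1 eth0'

# Sources with 3 or more destinations in the sample: prints "192.168.1.10 3"
printf '%s\n' "$SAMPLE" | count_dst_per_src 3
```

The per-source counts are the figure to compare against /proc/sys/net/ipv4/route/max_size when deciding where to set the --hitcount in the rate-limit rules.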