There are currently PPS (packets per second) and BPS (bytes per second) options you can use within a filter rule. When a source IP exceeds the limits set within the filter rule, the packet will be dropped and if the block time is above 0, it will continue to drop all packets from that source IP for x seconds (the block time set).
If you're referring to TCP connections, the firewall is completely stateless at the moment and implementing TCP connections support would take time in XDP since you'd have to keep track of the TCP state of each connection in a separate BPF map (I have done it before, but that was for a private project). I may do it in the future, but I'm not sure yet.
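The per-source PPS/BPS limit and block time described in the reply above, as an added user-space C model (not code from the project). The one-second counting window, the struct layouts, the fixed-size table standing in for a BPF map, and the fail-open behaviour when the table is full are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SLOTS 1024                     /* constructed table size for this model */
#define NSEC_PER_SEC 1000000000ULL

/* Hypothetical rule layout: 0 disables a limit; block_time is in seconds. */
struct rule { uint64_t pps, bps, block_time; };
struct src_stats { uint32_t ip; int used; uint64_t window_start, pkts, bytes, blocked_until; };

static struct src_stats table[SLOTS];  /* stands in for a per-source BPF hash map */

/* Open-addressing lookup keyed by source IP; creates the entry on first sight. */
static struct src_stats *lookup(uint32_t ip) {
    uint32_t i = (ip * 2654435761u) % SLOTS;
    for (uint32_t n = 0; n < SLOTS; n++, i = (i + 1) % SLOTS) {
        if (!table[i].used) { table[i].used = 1; table[i].ip = ip; return &table[i]; }
        if (table[i].ip == ip) return &table[i];
    }
    return NULL;                       /* table full */
}

/* Returns 1 to drop, 0 to pass. now_ns is a monotonic clock in nanoseconds. */
int filter_packet(const struct rule *r, uint32_t src_ip, uint32_t len, uint64_t now_ns) {
    struct src_stats *s = lookup(src_ip);
    if (!s) return 0;                  /* model fails open; a real filter must choose a policy */
    if (now_ns < s->blocked_until) return 1;          /* still inside the block time */
    if (now_ns - s->window_start >= NSEC_PER_SEC) {   /* start a new one-second window */
        s->window_start = now_ns; s->pkts = 0; s->bytes = 0;
    }
    s->pkts++; s->bytes += len;
    if ((r->pps && s->pkts > r->pps) || (r->bps && s->bytes > r->bps)) {
        s->blocked_until = now_ns + r->block_time * NSEC_PER_SEC;  /* 0 => no extended block */
        return 1;
    }
    return 0;
}

int main(void) {
    struct rule r = { .pps = 3, .bps = 0, .block_time = 5 };   /* constructed sample rule */
    uint64_t t = NSEC_PER_SEC;
    for (int i = 0; i < 5; i++)        /* constructed burst from 192.0.2.1 */
        printf("pkt %d -> %s\n", i + 1, filter_packet(&r, 0xC0000201u, 64, t + i) ? "DROP" : "PASS");
    printf("after 2s -> %s\n", filter_packet(&r, 0xC0000201u, 64, t + 2 * NSEC_PER_SEC) ? "DROP" : "PASS");
    return 0;
}
```

With a block time of 0 the source is only dropped until its current window rolls over; with a non-zero block time it stays dropped even after the counters would have reset.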
Thanks for your reply. I hope you'd be able to implement such an option and continue working on this amazing project. While it may not seem that popular at the moment, I indeed see great potential with it. There's no proper XDP-based firewall anywhere on the internet.
Rate limit (or rather "police") ICMP, UDP or TCP SYN (+ other flags) per source IP would be a great improvement in itself. I guess there isn't any counting per src IP today?
Hello!
Would it be possible to add a feature to rate-limit connections per second per IP address?