A chronological documentation test project, nothing serious, really!

05 Mar 2008 Rate-limit the amount of iptables logging

It is a good idea to place a log rule just above your drop or reject rule, and usually you would do this with:

-A INPUT -j LOG

The above rule can flood your system with log entries. You should instead use the following iptables rule to avoid flooding your logs and DDoS'ing your system:

-A INPUT -m limit --limit 10/second --limit-burst 20 -j LOG --log-level 4 --log-prefix "DROP_INPUT: "
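
To see what --limit 10/second --limit-burst 20 does to log volume, here is an added example (not part of the original post) that models the limit match as a simplified token bucket and counts how many packets of a flood would reach the LOG target. The class and function names are made up for this illustration, and the packet rates are constructed sample input.

```python
from fractions import Fraction


class LimitMatch:
    """Simplified token-bucket model of `-m limit --limit R/second --limit-burst B`.

    The bucket starts full (B tokens), refills at R tokens per second up to B,
    and every packet that matches spends one token.
    """

    def __init__(self, rate_per_sec, burst):
        self.rate = Fraction(rate_per_sec)
        self.burst = Fraction(burst)
        self.tokens = Fraction(burst)  # bucket starts full
        self.last = Fraction(0)        # time of the previous packet, in seconds

    def matches(self, now):
        """Return True if a packet arriving at time `now` would be logged."""
        now = Fraction(now)
        # Refill for the time elapsed since the last packet, capped at the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False  # rule does not match, so the packet is not logged


def logged_packets(pps, seconds, rate=10, burst=20):
    """Count log entries produced by a steady stream of `pps` packets per second."""
    limit = LimitMatch(rate, burst)
    return sum(limit.matches(Fraction(i, pps)) for i in range(pps * seconds))


if __name__ == "__main__":
    # Constructed scenarios: a 1000 packets/second flood and light 5 packets/second traffic.
    for pps in (1000, 5):
        total = pps * 5
        print(f"{pps} pps for 5 s: {total} packets, {logged_packets(pps, 5)} logged")
```

A plain -j LOG rule would write one entry for each of the 5000 flood packets; with the limit in place the same flood produces the initial burst of 20 entries and then about 10 per second, while traffic below the limit is logged in full.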
