[j-nsp] per flow rate-limiting on Juniper equipment
Eduardo Schoedler
listas at esds.com.br
Thu Dec 17 14:50:54 EST 2015
up
2015-12-02 6:44 GMT-02:00 Martin T <m4rtntns at gmail.com>:
> Hi,
>
> which Juniper products support per flow rate-limiting? I mean similar
> functionality to for example iptables "recent"
> module(http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.16).
> For example following iptables rules build dynamic source IP list if
> new(not a reply traffic) UDP traffic with source port 53 enter the
> interface eth0 and allow 4 packets within 10 seconds per IP address
> through:
>
> # iptables -t filter -L FORWARD -nv --line-numbers
> Chain FORWARD (policy ACCEPT 9 packets, 1704 bytes)
> num pkts bytes target prot opt in out source
> destination
> 1 40 7200 udp -- eth0 * 0.0.0.0/0
> 0.0.0.0/0 udp spt:53 state NEW recent: SET name:
> DNS-traffic-sources side: source mask: 255.255.255.255
> 2 34 6120 DROP udp -- eth0 * 0.0.0.0/0
> 0.0.0.0/0 udp spt:53 state NEW recent: UPDATE seconds: 10
> hit_count: 4 name: DNS-traffic-sources side: source mask:
> 255.255.255.255
> #
>
>
> Is there any Juniper equipment which is able to do this?
>
>
> thanks,
> Martin
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
--
Eduardo Schoedler
More information about the juniper-nsp
mailing list