[j-nsp] per flow rate-limiting on Juniper equipment

Eduardo Schoedler listas at esds.com.br
Thu Dec 17 14:50:54 EST 2015


up

2015-12-02 6:44 GMT-02:00 Martin T <m4rtntns at gmail.com>:
> Hi,
>
> which Juniper products support per flow rate-limiting? I mean similar
> functionality to, for example, the iptables "recent"
> module (http://www.netfilter.org/documentation/HOWTO/netfilter-extensions-HOWTO-3.html#ss3.16).
> For example, the following iptables rules build a dynamic source IP list if
> new (not reply traffic) UDP traffic with source port 53 enters the
> interface eth0 and allow 4 packets within 10 seconds per IP address
> through:
>
> # iptables -t filter -L FORWARD -nv --line-numbers
> Chain FORWARD (policy ACCEPT 9 packets, 1704 bytes)
> num   pkts bytes target     prot opt in     out     source
>   destination
> 1       40  7200            udp  --  eth0   *       0.0.0.0/0
>   0.0.0.0/0            udp spt:53 state NEW recent: SET name:
> DNS-traffic-sources side: source mask: 255.255.255.255
> 2       34  6120 DROP       udp  --  eth0   *       0.0.0.0/0
>   0.0.0.0/0            udp spt:53 state NEW recent: UPDATE seconds: 10
> hit_count: 4 name: DNS-traffic-sources side: source mask:
> 255.255.255.255
> #
>
>
> Is there any Juniper equipment which is able to do this?
>
>
> thanks,
> Martin
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp



-- 
Eduardo Schoedler
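
A simplified Python model of how the two quoted FORWARD rules interact through the shared "DNS-traffic-sources" list, added here as an illustration; it is not part of the original thread and is not netfilter's or Juniper's code. The class, function and sample packets are constructed, every packet is assumed to have already matched `udp spt:53 state NEW` on eth0, and the kernel's cap on stored timestamps per address is ignored.

```python
from collections import defaultdict, deque


class RecentList:
    """Simplified model of one xt_recent list keyed by source address."""

    def __init__(self):
        self.stamps = defaultdict(deque)  # source IP -> packet timestamps (s)

    def set(self, src, now):
        # Rule 1 (recent: SET): always record the packet. The rule has no
        # target, so the packet continues to rule 2.
        self.stamps[src].append(now)

    def update(self, src, now, seconds, hit_count):
        # Rule 2 (recent: UPDATE): match when the source has at least
        # hit_count timestamps inside the last `seconds`. A match records
        # one more timestamp, so a source that keeps sending stays listed.
        q = self.stamps[src]
        while q and q[0] < now - seconds:
            q.popleft()
        matched = len(q) >= hit_count
        if matched:
            q.append(now)
        return matched


def forward_chain(packets, seconds=10, hit_count=4):
    """Return (timestamp, source, verdict) for each (timestamp, source)."""
    table = RecentList()
    verdicts = []
    for now, src in packets:
        table.set(src, now)
        dropped = table.update(src, now, seconds, hit_count)
        # Chain policy is ACCEPT, so anything rule 2 does not drop passes.
        verdicts.append((now, src, "DROP" if dropped else "ACCEPT"))
    return verdicts


# Constructed sample: one busy source, one quiet source, then a long pause.
SAMPLE = [(0, "192.0.2.10"), (1, "192.0.2.10"), (2, "198.51.100.7"),
          (2, "192.0.2.10"), (3, "192.0.2.10"), (4, "192.0.2.10"),
          (20, "192.0.2.10")]

if __name__ == "__main__":
    for verdict in forward_chain(SAMPLE):
        print(*verdict)
```

Because rule 1 records the current packet before rule 2 counts, the packet that brings a source to hit_count entries inside the window is itself matched by rule 2.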

