[LARTC] newbie needs policing help
Mike Wright
xktnniuymlla at mailinator.com
Fri Jul 20 22:45:14 CEST 2007
Hi listizens,
Complete tc newbie here. I'm in a pinch because of a mail assault on a
server. I've firewalled away many of the most egregious offenders but
non-smtp services are still being DOS'ed because of all the mail traffic.
Here is what I've tried. (I did say newbie ;)
-----------------
#!/bin/sh
#
# policing parent
tc qdisc add dev eth0 handle ffff: ingress
#
# filter should slow tcp smtpd traffic to 64k max
tc filter add dev eth0 parent ffff: protocol ip prio 50 \
u32 match ip dport 0x25 0xFFFF match ip protocol 0x06 0xff \
police rate 55kbit burst 9k drop flowid :1
-----------------
...but I haven't the slightest idea how to check up on it. e.g. with
iproute2 I could say "ip route list" to see what was in there, but how
can I check tc rules? "tc qdisk show" gives some cryptic output but "tc
filter show dev eth0" returns nothing.
(I'm not even sure if the above rules make any sense :( )
Any helpers out there?
TIA,
Mike Wright :m)
More information about the LARTC
mailing list