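Can ROS do this?
When a client's traffic to ROS, or its thread count, reaches a certain level, automatically disconnect that client for 1 minute, 2 minutes, and so on. For example, set it to disconnect for 10 minutes. But after a restart it must be able to get online again right away. (This is a real disconnect, the same effect as unplugging the network cable.)
After the limit is reached, restrict to 10 per IP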
add chain=forward in-interface=wan protocol=tcp tcp-flags=syn connection-limit=10,32 src-address-list=black_list_forward action=drop comment="suppress DoS attack" disabled=no
add chain=forward in-interface=wan protocol=tcp tcp-flags=syn connection-limit=50,32 action=add-src-to-address-list address-list=black_list_forward address-list-timeout=1d comment="delect Dos attack to wan" disabled=no
After the limit is reached, drop packets outright
add chain=forward in-interface=wan protocol=tcp src-address-list=black_list_forward action=drop comment="suppress DoS attack" disabled=no
add chain=forward in-interface=wan protocol=tcp tcp-flags=syn connection-limit=50,32 action=add-src-to-address-list address-list=black_list_forward address-list-timeout=1d comment="delect Dos attack to wan" disabled=no
Good stuff, bookmarking this~~
??2?'s friend
I just tried it and it doesn't seem to work.
Try testing with more traffic.
After the limit is reached, restrict to 10 per IP
add chain=forward in-interface=wan protocol=tcp tcp-flags=syn connection-limit=10,32 src-address-list=black_list_forward action=drop comment="suppress DoS attack" disabled=no
add chain=forward in-interface=wan protocol=tcp tcp-flags=syn connection-limit=50,32 action=add-src-to-address-list address-list=black_list_forward address-list-timeout=1d comment="delect Dos attack to wan" disabled=no
After the limit is reached, drop packets outright
add chain=forward in-interface=wan protocol=tcp src-address-list=black_list_forward action=drop comment="suppress DoS attack" disabled=no
add chain=forward in-interface=wan protocol=tcp tcp-flags=syn connection-limit=50,32 action=add-src-to-address-list address-list=black_list_forward address-list-timeout=1d comment="delect Dos attack to wan" disabled=no
A correction: change the wan in in-interface=wan to the LAN interface you want to limit. If you want it to apply to all of them, remove that part.
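
Added example, not part of the original thread: a small Python model of the two-rule pattern posted above (a drop rule for listed sources placed before a rule that adds heavy sources to black_list_forward with a timeout), covering both the "restrict to 10 per IP" and the "drop outright" variants. It assumes that connection-limit=N,32 matches once one source IP has more than N open connections, counting the one being opened; the class name, method names and sample addresses are made up for the illustration.

```python
class Limiter:
    """Simplified model of the drop rule followed by the add-src-to-address-list rule."""

    def __init__(self, trigger=50, throttle=10, timeout=86400):
        self.trigger = trigger    # connection-limit on the add-src-to-address-list rule
        self.throttle = throttle  # connection-limit on the drop rule; None = drop everything
        self.timeout = timeout    # address-list-timeout in seconds (1d in the thread)
        self.black_list = {}      # source IP -> time at which the list entry expires
        self.conns = {}           # source IP -> number of open connections

    def _listed(self, src, now):
        expiry = self.black_list.get(src)
        if expiry is not None and expiry <= now:
            del self.black_list[src]  # the address-list entry has timed out
            return False
        return expiry is not None

    def syn(self, src, now):
        """Evaluate one new TCP SYN from src at time now; return 'accept' or 'drop'."""
        # Assumption: the connection being opened is included in the count.
        count = self.conns.get(src, 0) + 1
        # First rule: drop SYNs from listed sources (above the throttle, if one is set).
        if self._listed(src, now) and (self.throttle is None or count > self.throttle):
            return "drop"
        # Second rule: add heavy sources to the list; the packet itself still passes.
        if count > self.trigger:
            self.black_list[src] = now + self.timeout
        self.conns[src] = count
        return "accept"

    def close_all(self, src):
        """The client closes every open connection."""
        self.conns.pop(src, None)


if __name__ == "__main__":
    # Constructed scenario: "drop outright" variant with a 10-minute list timeout.
    lim = Limiter(throttle=None, timeout=600)
    burst = [lim.syn("192.168.0.6", 0) for _ in range(51)]
    print(burst.count("accept"), "accepted; source listed until t=600")
    lim.close_all("192.168.0.6")
    print("t=599:", lim.syn("192.168.0.6", 599))
    print("t=600:", lim.syn("192.168.0.6", 600))
```

With throttle=10 a listed client keeps up to 10 connections; with throttle=None it is cut off completely until the list entry expires.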