Posted on 2006-7-9 09:08:02
Once the limit is reached, restrict to 10 per IP:
add chain=forward in-interface=wan protocol=tcp tcp-flags=syn connection-limit=10,32 src-address-list=black_list_forward action=drop comment="suppress DoS attack" disabled=no
add chain=forward in-interface=wan protocol=tcp tcp-flags=syn connection-limit=50,32 action=add-src-to-address-list address-list=black_list_forward address-list-timeout=1d comment="delect Dos attack to wan" disabled=no
Once the limit is reached, drop the packets outright:
add chain=forward in-interface=wan protocol=tcp src-address-list=black_list_forward action=drop comment="suppress DoS attack" disabled=no
add chain=forward in-interface=wan protocol=tcp tcp-flags=syn connection-limit=50,32 action=add-src-to-address-list address-list=black_list_forward address-list-timeout=1d comment="delect Dos attack to wan" disabled=no
One correction: change the wan in in-interface=wan to the LAN interface you want to limit; if you want it to apply to everything, just remove that part.
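The two rule sets above differ in what happens to a host once it is on black_list_forward: the first still lets it keep up to 10 connections, the second drops all its TCP traffic for the 1-day timeout. The following Python model is an added example, not the poster's configuration or RouterOS code; the class and function names are made up, and it assumes the documented RouterOS semantics that connection-limit=N,mask matches when the connections from the masked source block (counting the new one) exceed N, and that add-src-to-address-list is a passthrough action, so the matching SYN itself is not dropped. It also shows the effect of a wider netmask (24 instead of 32), which the post does not cover.

```python
import ipaddress
from collections import defaultdict


def net_key(src: str, netmask: int) -> str:
    """Source block that connection-limit counts against, e.g. 10.0.1.5 with mask 24 -> 10.0.1.0/24."""
    return str(ipaddress.ip_network(f"{src}/{netmask}", strict=False))


class ConnLimitFirewall:
    """Simplified model (constructed for this example) of the post's two forward-chain rules.

    drop_limit=None models the second variant (drop everything from listed sources);
    drop_limit=10 models the first variant (listed sources may still hold 10 connections).
    """

    def __init__(self, limit=50, netmask=32, timeout=86400, drop_limit=None):
        self.limit, self.netmask, self.timeout, self.drop_limit = limit, netmask, timeout, drop_limit
        self.black_list = {}           # source block -> expiry time (address-list-timeout=1d)
        self.conns = defaultdict(int)  # source block -> open TCP connections

    def handle_syn(self, src: str, now: float) -> str:
        key = net_key(src, self.netmask)
        expiry = self.black_list.get(key)
        if expiry is not None and expiry <= now:      # address-list entry timed out
            del self.black_list[key]
            expiry = None
        new_count = self.conns[key] + 1
        # Rule 1 (listed first, so evaluated first): drop traffic from black-listed sources.
        if expiry is not None and (self.drop_limit is None or new_count > self.drop_limit):
            return "drop"
        # Rule 2: detection. Passthrough action: the source is listed, but this SYN still passes.
        if new_count > self.limit:
            self.black_list[key] = now + self.timeout
        self.conns[key] = new_count
        return "accept"

    def close_conn(self, src: str) -> None:
        """Connection torn down; connection-limit only counts open connections."""
        key = net_key(src, self.netmask)
        if self.conns[key] > 0:
            self.conns[key] -= 1
```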