Added quotas to iptables & updated iptables module to generate markdown

rezen · Jul 20, 2017 · c506f08 · c506f08
1 parent 79fbd1a
commit c506f08
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 7 deletions.
diff --git a/bin/iptables_modules_help.sh b/bin/iptables_modules_help.sh
@@ -1,20 +1,23 @@
 #!/usr/bin/env bash
-
 set -e
 
+# Output iptables modules help into markdown
+
 readonly modules=$(ls /lib/modules/$(uname -r)/kernel/net/netfilter/xt_* | grep -oP '(?<=xt_)([a-z]+)')
 
 for m in $modules
 do
-  helps=$(iptables -m "$m" -h 2>&1 | awk '/match options:$/,0' | sed 's/^/   /')
+  helps=$(iptables -m "$m" -h 2>&1 | awk '/match options:$/,0' | sed 's/^/ /')
 
   if [[ -z $helps ]]
   then
     continue
   fi
 
-  echo "--------------------------------------------------------------------"
   echo
+  echo "## $(echo $m | awk '{print toupper($0)}')"
+  echo '```'
   echo "$helps"
-  echo
+  echo '```'
+  echo "--------------------------------------------------------------------"
 done
diff --git a/itables-nft.md b/itables-nft.md
@@ -41,15 +41,18 @@ http://ipset.netfilter.org/iptables-extensions.man.html
 `iptables -m conntrack -h`
 `iptables -m hashlimit -h 2>&1 | awk '/match options:$/,0'`
 
-### Accounting
+### Accounting & Quotas
 - https://home.regit.org/2012/07/flow-accounting-with-netfilter-and-ulogd2/
-
+- https://www.linux-noob.com/forums/index.php?/topic/3036-bandwidth-quotas-using-iptables/
+- https://varinderjhand.wordpress.com/2012/05/21/iptables-rules-to-limit-time-quota-based-acces/
+- https://unix.stackexchange.com/questions/240286/using-tc-for-traffic-quotas
 
 ## Throttling, Rate Limiting
 - https://www.rackaid.com/blog/how-to-block-ssh-brute-force-attacks/
 - https://thelowedown.wordpress.com/2008/07/03/iptables-how-to-use-the-limits-module/
 - https://debian-administration.org/article/187/Using_iptables_to_rate-limit_incoming_connections
 - http://blog.programster.org/rate-limit-requests-with-iptables/
+- https://wiki.archlinux.org/index.php/Advanced_traffic_control#Using_tc_.2B_iptables
 
 ## NFQUEUE
 Many IPS depeond on NFQUEUE to pass packet handling to themselves!
@@ -75,4 +78,6 @@ Many IPS depeond on NFQUEUE to pass packet handling to themselves!
 - https://wiki.archlinux.org/index.php/Sysctl#TCP.2FIP_stack_hardening
 - https://danielmiessler.com/study/iptables/
 - https://strongarm.io/blog/linux-firewall-performance-testing/
-- https://www.tummy.com/blogs/2005/07/17/some-iptables-modules-you-probably-dont-know-about/
+- https://www.tummy.com/blogs/2005/07/17/some-iptables-modules-you-probably-dont-know-about/
+- http://linuxgazette.net/108/odonovan.html
+- https://www.linode.com/docs/security/firewalls/control-network-traffic-with-iptables