Solved Drop some percent of packets

Hi
I wanted to achieve these iptables rule using the firewalls provided in freebsd, can anyone tell me how can i do that?
Actually i want to combime these two rules to drop x% of the SYN+ACK packets
Thanks
Code:
iptables -D INPUT -m statistic --mode random --probability 0.03 -j DROP
iptables -A INPUT -p tcp --tcp-flags SYN,ACK SYN,ACK  -j DROP
 
This will drop 3% from all incoming packets:
Code:
ipfw add 65534 prob 0.03 deny log in
Change the number to wherever you want to put the rule in the chain.

Edit:
If you want to drop only SYN+ACK, you could use tcpflags:
Code:
ipfw add 65534 prob 0.03 deny log tcp from any to me tcpflags syn,ack in
 
ipfw(8)
prob match_probability
A match is only declared with the specified probability (floating
point number between 0 and 1). This can be useful for a number
of applications such as random packet drop or (in conjunction
with dummynet) to simulate the effect of multiple paths leading
to out-of-order packet delivery.

Note: this condition is checked before any other condition,
including ones such as keep-state or check-state which might have
side effects.
 
Back
Top