I am running an application on my Debian server, which uses IPv4 and UDP for data communication.
I would like to block, for a short while, every client that has a round-trip time above 140 ms.
Unfortunately, I am not able to implement such a rule directly in the application.
Is it possible to create an iptables rule for that?
1

robusto
For what purpose? – Jason Martin Jul 07 '17 at 14:57
1 Answer
2
iptables cannot do this. iptables cannot see the RTT for a packet. A standard UDP packet does not contain a timestamp of when it was sent, plus you can't be assured that the clock on that client is in sync with your own.
Your application would have to handle this by sending a packet to the client with an embedded timestamp, waiting for the client to reply, and comparing the timestamp with the current time. This level of behavior is beyond iptables.

Jason Martin
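The application-level measurement described in the answer, as an added example that is not part of the original answer or the asker's application. The probe carries only the server's own monotonic timestamp, so client clock sync does not matter, and an HMAC over it stops a client from rewriting the timestamp to report a lower RTT. The 30-second block length, the HMAC scheme and all function and class names are assumptions of this sketch.

```python
import hashlib
import hmac
import os
import struct
import time

RTT_LIMIT = 0.140      # 140 ms threshold from the question
BLOCK_SECONDS = 30.0   # assumed length of the "short while"
KEY = os.urandom(32)   # per-process secret so clients cannot forge a probe
_FMT = "!d"            # server send time as an 8-byte network-order double
_SIZE = struct.calcsize(_FMT)
_TAG_LEN = 16          # truncated HMAC-SHA256 tag length in bytes


def make_probe(now=None):
    """Build the probe payload: server timestamp plus a truncated HMAC."""
    now = time.monotonic() if now is None else now
    body = struct.pack(_FMT, now)
    return body + hmac.new(KEY, body, hashlib.sha256).digest()[:_TAG_LEN]


def rtt_from_echo(echo, now=None):
    """Return the RTT in seconds for an echoed probe, or None if invalid."""
    now = time.monotonic() if now is None else now
    body, tag = echo[:_SIZE], echo[_SIZE:]
    expected = hmac.new(KEY, body, hashlib.sha256).digest()[:_TAG_LEN]
    if len(echo) != _SIZE + _TAG_LEN or not hmac.compare_digest(tag, expected):
        return None  # wrong size or tampered timestamp
    rtt = now - struct.unpack(_FMT, body)[0]
    return rtt if rtt >= 0 else None


class SlowClientBlocker:
    """Temporary blocklist of clients whose measured RTT exceeded the limit."""

    def __init__(self):
        self._until = {}  # client address -> monotonic time the block expires

    def record(self, addr, rtt, now=None):
        now = time.monotonic() if now is None else now
        if rtt is not None and rtt > RTT_LIMIT:
            self._until[addr] = now + BLOCK_SECONDS

    def is_blocked(self, addr, now=None):
        now = time.monotonic() if now is None else now
        if self._until.get(addr, float("-inf")) <= now:
            self._until.pop(addr, None)  # expired or never blocked
            return False
        return True
```

The server sends `make_probe()` to the client with `sendto()`, the client echoes the bytes back unchanged, and the server passes the reply to `rtt_from_echo()` and then `record()` before deciding whether to drop that client's traffic.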