Edenmal

Sysadmin Garden of Eden

iptables: Using statistic module

Table of Contents
  1. “Load Balance” with iptables between two servers
  2. Dropping packets with an X% probability from a specific IP address

“Load Balance” with iptables between two servers

Kubernetes uses this method as well: kube-proxy in iptables mode spreads a Service's traffic across its backing pods with exactly this kind of cascading `statistic` rule.

The commands below create one chain for the load balancing of port 80 (in this case) plus a separate chain per server. The first rule hands 50% of the traffic to server 1; whatever does not match falls through to the unconditional rule for server 2. Because the rules live in the nat table, they are only evaluated for the first packet of each connection, so the split is per connection rather than per packet:

# entry chain for port 80 and the chain for the first server
iptables -t nat -N LB_PORT80
iptables -t nat -N LB_PORT80_SERVER1
# 50% of the connections reaching LB_PORT80 jump to server 1 ...
iptables -t nat -A LB_PORT80 \
    -m statistic --mode random --probability 0.5000 \
    -j LB_PORT80_SERVER1
# ... everything that did not match above goes to server 2 (no statistic match needed)
iptables -t nat -N LB_PORT80_SERVER2
iptables -t nat -A LB_PORT80 \
    -j LB_PORT80_SERVER2
# hook the load-balancing chain into the nat table for TCP port 80
# (the per-server chains are where the actual DNAT/redirect rules would go;
#  note that the DNAT target is only valid when reached from PREROUTING or OUTPUT)
iptables -t nat -A INPUT -p tcp -m tcp --dport 80 -j LB_PORT80
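The two-server rule set above is one instance of a general pattern: with N backends, the i-th rule (counting from 0) needs a match probability of 1/(N-i), because it is only reached by the traffic that the earlier rules let through, and the last backend gets no statistic match at all. The following Python is an added example (not code from the post) that generates that rule set for any number of backends as plain command strings, without executing anything, and runs a small Monte Carlo check of the resulting shares. The backend addresses, the DNAT rules inside the per-server chains, and the choice of PREROUTING as the entry hook are assumptions of the example, not something the post specifies.

```python
"""Cascading --probability rules for N backends, plus a simulated share check.
Added example; backend IPs and the DNAT rules are constructed assumptions."""
import random
from fractions import Fraction


def lb_probabilities(n_backends: int) -> list:
    """Per-rule match probability for backend i of N.

    Rule i is only reached when rules 0..i-1 did not match, so it must take
    1/(N-i) of what is left to give every backend an overall share of 1/N.
    The final entry is 1 (an unconditional fall-through rule).
    """
    return [Fraction(1, n_backends - i) for i in range(n_backends)]


def lb_rules(port: int, backends: list, table: str = "nat",
             chain_prefix: str = "LB") -> list:
    """Return the iptables commands (as strings; nothing is executed) that
    build the chain layout from the post for len(backends) servers."""
    name = f"{chain_prefix}_PORT{port}"
    cmds = [f"iptables -t {table} -N {name}"]
    for i, (backend, p) in enumerate(zip(backends, lb_probabilities(len(backends))), start=1):
        server_chain = f"{name}_SERVER{i}"
        cmds.append(f"iptables -t {table} -N {server_chain}")
        # Assumed content of the per-server chain: rewrite the destination.
        cmds.append(f"iptables -t {table} -A {server_chain} -p tcp "
                    f"-j DNAT --to-destination {backend}:{port}")
        # The last backend gets no statistic match: it catches everything left.
        match = "" if p == 1 else f" -m statistic --mode random --probability {float(p):.4f}"
        cmds.append(f"iptables -t {table} -A {name}{match} -j {server_chain}")
    # DNAT is only valid from PREROUTING/OUTPUT, so the entry rule lives in PREROUTING.
    cmds.append(f"iptables -t {table} -A PREROUTING -p tcp -m tcp --dport {port} -j {name}")
    return cmds


def walk_chain(probs: list, rng: random.Random) -> int:
    """Model one connection walking the LB chain: each statistic rule draws
    its own random number, and the first rule whose draw falls below its
    probability wins.  Returns the index of the backend chosen."""
    for i, p in enumerate(probs):
        if rng.random() < float(p):
            return i
    return len(probs) - 1  # not reached while the last probability is 1


def simulate_shares(n_backends: int, trials: int = 100_000, seed: int = 1) -> list:
    """Fraction of connections that landed on each backend in a simulation."""
    rng = random.Random(seed)
    probs = lb_probabilities(n_backends)
    counts = [0] * n_backends
    for _ in range(trials):
        counts[walk_chain(probs, rng)] += 1
    return [c / trials for c in counts]


if __name__ == "__main__":
    # Constructed example: three backends behind port 80.
    for cmd in lb_rules(80, ["10.0.0.11", "10.0.0.12", "10.0.0.13"]):
        print(cmd)
    print("simulated shares:", simulate_shares(3))
```

For two backends the generator reproduces the 0.5000 rule from the post; for three it emits 0.3333 for the first server, 0.5000 for the second and an unconditional jump for the third, and the simulation shows each backend receiving roughly a third of the connections. A common mistake is to give every rule the same 1/N probability, which starves the later backends; the cascade is what makes the shares equal.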

Dropping packets with an X% probability from a specific IP address

My favorite rule to mess with people ;)

# filter table (the default): drop each packet from IP_ADDRESS with a 50% chance;
# unlike the nat example this is evaluated per packet, so it behaves like packet loss
iptables -A INPUT \
    -s IP_ADDRESS \
    -m statistic --mode random --probability 0.5000 \
    -j DROP

These are only two examples, but there are many more possibilities to utilize the iptables statistic module.