The operating system must configure the uncomplicated firewall to
rate-limit impacted network interfaces.
Check all the services listening to the ports with the following
command:
$ sudo ss -l46ut
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp LISTEN 0 128 [::]:ssh [::]:*
For each entry, verify that the ufw is configured to rate limit the
service ports with the following command:
$ sudo ufw status
If any port with a state of "LISTEN" is not marked with the "LIMIT"
action, run the following command, replacing "service" with the
service that needs to be rate limited:
$ sudo ufw limit "service"
Rate-limiting can also be done on an interface. An example of adding
a rate-limit on the eth0 interface follows:
$ sudo ufw limit in on eth0