On Tue, Jul 20, 2010 at 06:47:00PM +0530, Nilesh Govindarajan wrote:
> On Tue, Jul 20, 2010 at 1:21 PM, vlad <vla@xxxxxxxxxxx> wrote:
> > Hello,
> >
> > The recent module is good for that:
> > http://www.sollers.ca/blog/2008/iptables_recent
> > http://www.google.com/search?q=iptables+recent
> > I have in my fw script:
> > "
> > $TABLES -A limitations -m recent --name RECENT_FILTER --set
> > $TABLES -A limitations -m recent --name RECENT_FILTER --rcheck --hitcount 6 -j recent_allowed_input
> > $TABLES -A limitations --match limit --limit $LOGLIMIT --limit-burst $LOGLIMITBURST -j LOG --log-prefix "stuff: "
> > $TABLES -A limitations -m recent --name RECENT_ALLOW --set
> > $TABLES -A limitations -j DROP
> >
> > $TABLES -A recent_allowed_input -m recent --name RECENT_ALLOW --update --seconds 300 -j ACCEPT
> > $TABLES -A recent_allowed_input -m recent --name RECENT_FILTER --remove -j DROP
> > "
> > Then you can do something like
> > "
> > $TABLES -A INPUT <....> -j limitations
> > "
> > to apply the rules.
> >
> > Vlad
> >
> >
>
> Looks good, do your HTTP users face any problem with it?

Don't know. I use this only with ssh and music daemon. Simply try.
>
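
To see what verdicts the quoted `limitations` and `recent_allowed_input` chains produce for a single source, here is a small Python model of the rules. It is an added example, not part of the original thread; the `RecentList` class, the `limitations` and `replay` functions, and the source address are assumptions of this example, and the `recent` match is modelled in simplified form.

```python
# Simplified model of the xt_recent match (assumption of this added example):
# a list maps source IP -> timestamps of recorded packets. The kernel's
# per-entry timestamp cap (ip_pkt_list_tot, default 20) is not modelled.
class RecentList:
    def __init__(self):
        self.stamps = {}

    def set(self, ip, now):
        """--set: record the packet; always matches."""
        self.stamps.setdefault(ip, []).append(now)
        return True

    def rcheck(self, ip, now, hitcount=1, seconds=None):
        """--rcheck: match if >= hitcount stamps exist (within seconds, if given)."""
        hits = [t for t in self.stamps.get(ip, [])
                if seconds is None or now - t <= seconds]
        return len(hits) >= hitcount

    def update(self, ip, now, seconds=None):
        """--update: like --rcheck, and refresh the entry when it matches."""
        if self.rcheck(ip, now, seconds=seconds):
            self.stamps[ip].append(now)
            return True
        return False

    def remove(self, ip):
        """--remove: match only if the address was in the list."""
        return self.stamps.pop(ip, None) is not None


def limitations(ip, now, flt, allow):
    """Verdict of the `limitations` chain for one packet (LOG rule omitted)."""
    flt.set(ip, now)                            # RECENT_FILTER --set
    if flt.rcheck(ip, now, hitcount=6):         # -> recent_allowed_input
        if allow.update(ip, now, seconds=300):  # RECENT_ALLOW --update
            return "ACCEPT"
        if flt.remove(ip):                      # RECENT_FILTER --remove
            return "DROP"
    allow.set(ip, now)                          # RECENT_ALLOW --set
    return "DROP"                               # final -j DROP


def replay(times, ip="192.0.2.10"):             # constructed source address
    """Run packets arriving at `times` (seconds) through fresh lists."""
    flt, allow = RecentList(), RecentList()
    return [limitations(ip, t, flt, allow) for t in times]
```

Under this model, `replay(range(8))` drops the first five packets from a new source and accepts every later one as long as the gap between packets stays within 300 seconds; a longer pause resets the source to another five drops.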