Hello, up to CentOS 5.3 it was possible, to control new ip connections by "recent", "seconds" and "hitcount" -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80 -A INPUT -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -p tcp --dport 80 -j LOG --log-prefix "FW DROP IP Flood: " -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -m recent --update --seconds 60 --hitcount 1000 -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT so that - short time high new connections rate for the web server where accepted, but not over a longer time. E.g. CentOS 5.8 or CentOS 6.2 accept only -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80 -A INPUT -m state --state NEW -m recent --update --seconds 1 --hitcount 15 -p tcp --dport 80 -j LOG --log-prefix "FW DROP IP Flood: " -A INPUT -p tcp -m tcp --dport 80 -m state --state NEW -m recent --update --seconds 1 --hitcount 15 -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT So a complex web page with many small icons e.g. webmail pages initiate the log in line 2 and drop in line 3 . hitcount does not accept values of 25 or above: [root@server ~]# iptables -A INPUT -m state --state NEW -m recent --set -p tcp --dport 80 [root@server~]# iptables -A INPUT -m state --state NEW -m recent --update --seconds 1 --hitcount 25 -p tcp --dport 80 -j LOG --log-prefix "FW DROP IP Flood: " iptables: Unknown error 4294967295 what can i do to protect the web server? Is there any any configuration parameter to increase the values for hitcount? Best regards Helmut Drodofsky -- Viele Grüße Helmut Drodofsky Internet XS Service GmbH Heßbrühlstraße 15 70565 Stuttgart Geschäftsführung Dr.-Ing. Roswitha Hahn-Drodofsky HRB 21091 Stuttgart USt.ID: DE190582774 Tel. 0711 781941 0 Fax: 0711 781941 79 Mail: info@xxxxxxxxxxxxxx www.internet-xs.de _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos