David S. Madole wrote:
>> From Matthew Schumacher on Monday, May 21, 2007 6:35 PM
>>
>> I agree with Blake, while I can do it with IPtables it's not
>> a good solution.
>>
>> The first iptables suggestion blocked the offending IP, which
>> is fine, but also requires me to babysit the server. The
>> second suggestion would correctly limit connections, but if
>> I'm reading it right, would lump all connections together,
>> not just connections per originating IP address.
>
> If you are talking about the suggestion I made, which looked like this:
>
> iptables -A INPUT -p tcp --dport 22 \
> -m state --state NEW \
> -m recent --update --seconds 60 -j DROP
>
> iptables -A INPUT -p tcp --dport 22 \
> -m state --state NEW \
> -m recent --set -j ACCEPT
>
> then you did not read it right. It limits to one connection per IP
> address per minute. Each source address is kept track of in enforcing
> the limit. Using the --hitcount option in addition to the --seconds
> option, you can also create limits such as a maximum of four
> connections in two minutes, etc.
>
> David
>

This must be something that the recent module does. I'll do some testing....

Thanks for the helpful suggestion, it looks very promising.

schu

----
Cyrus Home Page: http://cyrusimap.web.cmu.edu/
Cyrus Wiki/FAQ: http://cyrusimap.web.cmu.edu/twiki
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html
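The rule pair David quoted, extended with the --hitcount variant he mentions, as an added example that is not part of the thread: a shell script that prints the two INPUT rules for a chosen window and hit count, and simulates the recent module's per-source bookkeeping on a constructed list of connection attempts so the per-address behaviour (the point schu was unsure about) and the difference between --update and --rcheck are visible without touching a live firewall. The function names, the variable names and the attempt lists are this example's own; the iptables options used (--name, --set, --update, --rcheck, --seconds, --hitcount) are the ones documented in iptables(8). The simulator follows the module's rule that a drop rule with --update re-stamps the entry on every match, and simplifies by keeping an unbounded stamp list per address where the real module keeps at most ip_pkt_list_tot stamps.

```shell
#!/bin/sh
# Added example, not code from the list thread.  Prints the limiter rules
# David describes and simulates how xt_recent decides per source address.

# Emit the two INPUT rules.  A hit count of 1 behaves like David's original
# rule, which has no --hitcount: any stamp inside the window matches.
ssh_ratelimit_rules() {   # $1 window in seconds, $2 hit count, $3 list name
    window=$1; hits=$2; name=${3:-SSH}
    cat <<EOF
iptables -A INPUT -p tcp --dport 22 -m state --state NEW \\
    -m recent --name $name --update --seconds $window --hitcount $hits -j DROP
iptables -A INPUT -p tcp --dport 22 -m state --state NEW \\
    -m recent --name $name --set -j ACCEPT
EOF
}

# Simulate the module for "seconds source" attempt lines on stdin.
# mode is "update" (David's rule) or "rcheck".  Prints "seconds source
# ACCEPT|DROP" per attempt.  Simplification: stamp lists are unbounded.
simulate_recent() {   # $1 window, $2 hit count, $3 mode
    awk -v window="$1" -v hits="$2" -v mode="$3" '
    {
        now = $1; ip = $2; n = count[ip]; inwin = 0
        # Rule 1: count stamps already recorded for this source inside the window
        for (i = 1; i <= n; i++)
            if (now - stamp[ip, i] <= window) inwin++
        if (n > 0 && inwin >= hits) {
            verdict = "DROP"
            # --update refreshes the entry on a match; --rcheck leaves it alone
            if (mode == "update") { count[ip] = ++n; stamp[ip, n] = now }
        } else {
            verdict = "ACCEPT"
            # Rule 2: --set records this attempt for the source and accepts it
            count[ip] = ++n; stamp[ip, n] = now
        }
        print now, ip, verdict
    }'
}

# Verdicts for an attempt list on stdin, joined with commas for easy comparison.
verdicts() {   # $1 window, $2 hit count, $3 mode
    simulate_recent "$1" "$2" "$3" |
        awk '{ s = s (NR > 1 ? "," : "") $3 } END { print s }'
}

# Constructed attempt logs ("seconds source"), not captured traffic.
# 10.0.0.1 retries every 30-70 s; 10.0.0.2 connects once in between.
RETRIER="0 10.0.0.1
5 10.0.0.2
30 10.0.0.1
70 10.0.0.1
140 10.0.0.1"

# 10.0.0.1 opens five connections inside two minutes.
BURST="0 10.0.0.1
10 10.0.0.1
15 10.0.0.2
20 10.0.0.1
30 10.0.0.1
40 10.0.0.1"

retrier_update() { printf '%s\n' "$RETRIER" | verdicts 60 1 update; }
retrier_rcheck() { printf '%s\n' "$RETRIER" | verdicts 60 1 rcheck; }
burst_update()   { printf '%s\n' "$BURST"   | verdicts 120 4 update; }

ssh_ratelimit_rules 120 4
echo "retrier, --update:  $(retrier_update)"   # 10.0.0.2 is unaffected by 10.0.0.1
echo "retrier, --rcheck:  $(retrier_rcheck)"
echo "burst, 4 per 120 s: $(burst_update)"
```

The retrier run is the caveat worth knowing before deploying David's rule as written: because the DROP rule uses --update, every blocked attempt refreshes the source's timestamp, so a client that keeps retrying every 30 seconds is still dropped at 70 seconds and only gets in once it stays quiet for a full window. With --rcheck in the DROP rule the 70-second attempt is accepted, since the window is measured from the last accepted connection. The second source is accepted at 5 seconds in both runs, which is the per-address tracking David describes. The burst run with --seconds 120 --hitcount 4 accepts four connections from one source and drops the fifth, matching his "maximum of four connections in two minutes".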