Hi,

I've been listening to the list for the last 3 months and I'm using iptables, ip, tc, etc... and learning to love it.

Now I've read about an experimental netfilter "psd" that needs a patch and that can detect inbound port scans with rules like:

    iptables -t nat -A PREROUTING -i eth0 -d x.x.x.x -m psd -j DROP

Then I see "iplimit" (-m iplimit), also experimental, and the best one is that patch that allows us to filter based on the content of the packet (-m string).

Questions:

Are these still experimental? If so, are they supposed to go into the real kernel soon?

And last but not least: How can I implement all these rules? Is there a patch for all of them, or do I have to patch each one of them? I'm starting from a RH 7.2 vanilla kernel; are there any places where I can find cook recipes on how to implement them?

Which machine (processor/memory) holds all of them working for a 2 Mgs internet connection?

Thanks in advance for your time.

Roberto Campos
____________________________________________
Meu Provedor Tecnologias e Informática Ltda.
Rua Camerino, 128 Grs. 302
Centro - Rio de Janeiro - RJ - CEP 20080-010
Tel.: 55 21 25181011 (PABX/FAX)
Mobile phone: 55 21 91978284