Re: Hammer protection

Linux Advanced Routing and Traffic Control


> Hi,
>
> Is it possible to use iptables as hammer protection?
>
> I want to deny a user who has just logged off ... for about 10 seconds.
>

I think this is an application-logic thing which can't be implemented that
easily with only one iptables line.

> I tried with this, but that didn't work. Maybe my mind is going
> completely in the wrong direction today? =)
>
> iptables -I INPUT -i eth0 -p tcp -s 0/0 -d $my_ip --dport 21 -m limit
> --limit 10/second --limit-burst 1 --tcp-flags ALL SYN -j ACCEPT
>

This rule blocks (afaik) every request after the 10th per second, no matter
whether someone logged off or on ...
I think what you want must be done at the application level,
or with a "magic" (and dirty) script which watches the FTP log to see if someone
logs off, greps their IP and then blocks it for 10 seconds.
But that not only sounds ugly :)


> Greetings,
>
> Joachim
>
>
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
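
One way to build the log-watching script suggested in the reply, added here as an example and not part of the original thread: instead of inserting and deleting a rule per address, it uses the iptables `recent` match so the kernel expires each entry after 10 seconds. The log format, the list name `ftp_logoff` and the log path are assumptions.

```shell
#!/bin/sh
# Added example: cooldown after FTP logoff, expiry handled by the kernel.
#
# One-time setup as root. New FTP connections from an address that was put on
# the "ftp_logoff" list during the last 10 seconds are refused:
#   iptables -I INPUT -p tcp --dport 21 --syn \
#     -m recent --name ftp_logoff --rcheck --seconds 10 \
#     -j REJECT --reject-with tcp-reset
# Loading that rule creates the list file below.
RECENT_LIST=${RECENT_LIST:-/proc/net/xt_recent/ftp_logoff}

# Constructed log format (an assumption, adapt the pattern to your daemon):
#   2024-01-01T12:00:00 ftpd[1234]: LOGOUT user=NAME ip=ADDRESS
# Prints the client address of a logoff line, returns 1 for anything else.
# The pattern is anchored at both ends because NAME is chosen by the client;
# only the daemon-written ip= field at the end of the line is trusted.
logoff_ip() {
    ip=$(printf '%s\n' "$1" | sed -nE \
        's/^[^ ]+ ftpd\[[0-9]+\]: LOGOUT user=[^ ]+ ip=([0-9]{1,3}(\.[0-9]{1,3}){3})$/\1/p')
    [ -n "$ip" ] || return 1
    rest=$ip.
    while [ -n "$rest" ]; do          # every octet must be 0..255
        octet=${rest%%.*}
        rest=${rest#*.}
        [ "$octet" -le 255 ] || return 1
    done
    printf '%s\n' "$ip"
}

# Reads log lines on stdin and puts each logged-off address on the list.
# Writing "+ADDRESS" to the file is the xt_recent interface for adding an entry.
watch_log() {
    while IFS= read -r line; do
        addr=$(logoff_ip "$line") || continue
        printf '+%s\n' "$addr" > "$RECENT_LIST"
    done
}

# Usage (log path is a placeholder):
#   tail -Fn0 /path/to/ftp.log | watch_log
```

The cooldown is per source address, so clients behind the same NAT share it.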


