I'm using the iplimit module (from the latest patch-o-matic) with 2.4.20pre8. The only iptables rule is:

    iptables -A INPUT -p tcp --syn --dport 21 -m iplimit --iplimit-above 1 -j REJECT

Everything seems to work fine - the 2nd connection is rejected, but some hosts are still logged into my ftp server with more than one session!?!

I changed the rule:

    iptables -A INPUT -p tcp --syn --dport 21 -m iplimit --iplimit-above 1 -j DROP

and there are no limits any more - the first syn packet is silently dropped, but the retransmitted packet is accepted! Probably the first rule works the same way - if the client ignores the rejecting packet (or it is dropped by the network) he/she can bypass the limit.

Any ideas to fix it?

romp
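
One way to confirm which clients currently hold more sessions than the rule is meant to allow, as an added example that is not part of the original post. It assumes the usual `netstat -tn` column layout; the function names `over_limit` and `sample_netstat` and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: report remote hosts holding more than LIMIT established
# connections to a local port, reading `netstat -tn` style output on stdin.

over_limit() {
    port="$1"; limit="$2"
    awk -v port="$port" -v limit="$limit" '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            # Field 4 is the local "ip:port", field 5 the remote "ip:port".
            n = split($4, l, ":"); if (l[n] != port) next
            m = split($5, r, ":")
            # Strip the trailing ":port" so IPv6 addresses survive intact.
            ip = substr($5, 1, length($5) - length(r[m]) - 1)
            count[ip]++
        }
        END { for (ip in count) if (count[ip] > limit) print ip, count[ip] }
    ' | sort
}

# Constructed sample in `netstat -tn` format (documentation addresses).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:21           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:21           198.51.100.7:40118      ESTABLISHED
tcp        0      0 192.0.2.10:21           203.0.113.5:51234       ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.5:51300       ESTABLISHED
tcp        0      0 192.0.2.10:21           203.0.113.9:33000       TIME_WAIT
tcp        0      0 192.0.2.10:21           203.0.113.9:33002       ESTABLISHED
EOF
}

# Port 21 with a limit of 1, matching --dport 21 --iplimit-above 1.
sample_netstat | over_limit 21 1
# Live use on the server: netstat -tn | over_limit 21 1
```

Any address printed holds more control connections than the rule's limit, which is the symptom described in the post.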