Modification to iptables (block IP addresses)


 



Is anyone working on the following modification to iptables?

Dynamically watch for connections coming from any source IP address
that exceeds a predefined number of connections per unit time.  When
seen, block all subsequent connections from that source for a predefined
period of time or indefinitely.  Currently, one can do this for specific
predefined source IP addresses, but it would be good to have the ability
to do this without having prior knowledge of the offending IP source.
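
The behaviour requested above, modelled in user space as an added example; it is not part of the original post and is not iptables or netfilter code. The names `SourceRateBlocker` and `replay`, the thresholds and the sample addresses are assumptions made for illustration.

```python
from collections import defaultdict, deque
import math


class SourceRateBlocker:
    """Block a source that opens more than max_conns connections per window."""

    def __init__(self, max_conns, window, block_seconds=None):
        self.max_conns = max_conns
        self.window = window
        # None means block indefinitely, as the post allows.
        self.block_seconds = math.inf if block_seconds is None else block_seconds
        self.recent = defaultdict(deque)   # src -> timestamps of recent connections
        self.blocked_until = {}            # src -> time the block expires

    def allow(self, src, now):
        """Return True to accept a new connection from src at time now."""
        expiry = self.blocked_until.get(src)
        if expiry is not None:
            if now < expiry:
                return False               # still blocked
            del self.blocked_until[src]    # block expired, start fresh
        times = self.recent[src]
        # Drop timestamps that have fallen out of the sliding window.
        while times and now - times[0] >= self.window:
            times.popleft()
        times.append(now)
        if len(times) > self.max_conns:
            self.blocked_until[src] = now + self.block_seconds
            del self.recent[src]
            return False
        return True


def replay(events, blocker):
    """Feed (time, src) events through the blocker; return the verdict list."""
    return [(t, src, blocker.allow(src, t)) for t, src in events]


# Constructed sample: 192.0.2.10 bursts, 198.51.100.7 stays under the limit.
SAMPLE_EVENTS = [
    (0.0, "192.0.2.10"), (0.2, "192.0.2.10"), (0.4, "192.0.2.10"),
    (0.5, "198.51.100.7"), (0.6, "192.0.2.10"), (5.0, "192.0.2.10"),
    (6.0, "198.51.100.7"), (31.0, "192.0.2.10"),
]

if __name__ == "__main__":
    for t, src, ok in replay(SAMPLE_EVENTS, SourceRateBlocker(3, 1.0, 30.0)):
        print(f"{t:5.1f}s {src:13} {'ACCEPT' if ok else 'DROP'}")
```

No source address is configured in advance: state is created the first time a source is seen, and a source that stays under the limit is never affected by another source's block.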






