On Fri, Feb 28, 2003 at 07:48:50AM +0000, SB CH wrote:
> Hello all.
>
> I would like to limit the connection number per IP
> using an iptables extension function.
> For example, one can connect to the server behind the firewall just 10 times
> per hour.
>
> Is it possible to set this using iptables?

You can use the limit match for this:

  iptables -A FORWARD -s $LIMITED_HOST -d $DESTINATION \
    -m state --state NEW -m limit --limit 10/hour -j ACCEPT

But you need some dropping/rejection rule later as well. And be sure that
you have some rule which allows ESTABLISHED connections, like

  iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

But I think that's more a job for some application proxy like Squid...

> Thanks in advance.

Hope that helps,
Alex

--
"Mr Data, when I said 'Fire at Will', I didn't mean for you to be so literal."
Instructions for use of this post: Insert tongue in cheek. Read as normal.
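The ruleset sketched in the reply above, written out as an added example (this is not code from the original mail or from the list; it is added here for illustration). It is a set of shell functions that emit the complete chain: the RELATED,ESTABLISHED accept, the rate-limited accept for NEW connections, and the DROP the reply says must follow. Assumptions not in the thread: IPT defaults to "echo iptables" so the script prints the commands instead of applying them (set IPT=iptables as root to apply), the addresses in the sample calls are placeholders, and the third function uses the hashlimit match, which is a later iptables addition the reply does not mention, with an assumed table-expire value.

```shell
#!/bin/sh
# Added example, not from the original mail. Builds the rules the reply
# sketches as shell functions so the commands can be reviewed before they
# touch a live firewall.
#
# Assumptions (not in the thread): IPT defaults to "echo iptables", a
# dry run that prints each command; set IPT=iptables (as root) to apply.
# The addresses used in the sample calls at the bottom are placeholders.
IPT="${IPT:-echo iptables}"

# 1. Packets of connections that conntrack already knows must be accepted
#    before any limit rule, otherwise every reply packet of a connection
#    that was allowed through would be counted (and dropped) as well.
allow_established() {
    $IPT -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
}

# 2. The reply's rule, completed with the DROP it says must follow.
#    -m limit is a token bucket: "$burst" NEW connections pass at once,
#    then one more is allowed each time a token refills (10/hour = one
#    every six minutes). The default burst is 5, so it is set explicitly.
#    Without the final DROP a NEW packet that finds the bucket empty just
#    falls through to the next rule or the chain policy.
ratelimit_host() {
    src="$1"; dst="$2"; rate="$3"; burst="$4"
    $IPT -A FORWARD -s "$src" -d "$dst" -m state --state NEW \
         -m limit --limit "$rate" --limit-burst "$burst" -j ACCEPT
    $IPT -A FORWARD -s "$src" -d "$dst" -m state --state NEW -j DROP
}

# 3. Beyond the reply: -m limit keeps ONE bucket per rule, so ratelimit_host
#    needs one rule pair per source, and everything matching a rule shares
#    its budget. The hashlimit match (a later iptables addition, assumed
#    available here) keeps a bucket per source address instead.
#    --hashlimit-above matches once a source exceeds the rate, so that
#    branch drops and the following rule accepts the rest. The table-expire
#    value (one hour, in ms) is an assumption chosen so per-source entries
#    outlive the refill interval.
per_source_limit() {
    dst="$1"; rate="$2"; burst="$3"
    $IPT -A FORWARD -d "$dst" -m state --state NEW \
         -m hashlimit --hashlimit-name newconn --hashlimit-mode srcip \
         --hashlimit-above "$rate" --hashlimit-burst "$burst" \
         --hashlimit-htable-expire 3600000 -j DROP
    $IPT -A FORWARD -d "$dst" -m state --state NEW -j ACCEPT
}

# Sample run with placeholder addresses (dry run unless IPT=iptables).
# Use either ratelimit_host or per_source_limit for a given destination,
# not both; they are called together here only to print both rule sets.
allow_established
ratelimit_host 10.0.0.5 192.0.2.10 10/hour 10
per_source_limit 192.0.2.10 10/hour 10
```

Two practical points the functions make visible: a token bucket is not a hard "10 per hour" cap, since --limit-burst decides how many connection attempts get through at once before the refill rate takes over; and the rules count NEW connection attempts as seen by conntrack, so a SYN that is dropped still consumed nothing and the client simply retries, which is why the DROP must be there and why the ESTABLISHED rule must come first.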