On Mon, January 10, 2005 8:08 pm, Jorge Agrelo said:
> Can I replace these two rules
>
> iptables -A INPUT -p tcp --syn -m limit --limit 1/s --limit-burst 4 -j ACCEPT
> iptables -A INPUT -p tcp --syn -j DROP
>
> with only this one? (Using negation)
>
> iptables -A INPUT -p tcp --syn -m limit ! --limit 1/s --limit-burst 4 -j DROP

Unfortunately, you can't without a bit of hacking. If you happen to want to, just grab ipt_limit.c and search for:

    /* We're underlimit */

Change the return codes so it returns 0 when 'underlimit', otherwise 1. Am sorry if this is straight, I am at work.

Note that this won't add '!' support but just doesn't match unless it bursts the limit.

By the way, do you want to limit as soon as you receive more than 1/s packet regardless of the source address?

> Thanks in advance

HTH,
Samuel
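The following is an added example, not code from the thread above or from the netfilter project: a small user-space model of the token bucket behind "-m limit", written to show what "--limit 1/s --limit-burst 4" does to a stream of SYNs, how the rule pair (limit ACCEPT, then DROP) compares with the single negated rule Jorge asked for once the match's return codes are swapped the way Samuel describes, and why Samuel's closing question matters: one limit bucket is shared by every source. Time is modelled in milliseconds rather than kernel jiffies, and the arrival times and source addresses are constructed for the simulation; the function and variable names are this example's own, not ipt_limit.c's.

```c
/* Added example: user-space model of the ipt_limit token bucket.
 * Assumptions (not from the thread): time in ms instead of jiffies,
 * constructed SYN arrival times and source addresses below. */
#include <stdio.h>
#include <string.h>

enum verdict { DROP = 0, ACCEPT = 1 };

struct limit {
    long prev;        /* time of the last evaluation (ms) */
    long credit;      /* accumulated credit (ms) */
    long credit_cap;  /* maximum credit: cost * burst */
    long cost;        /* credit one matched packet consumes: 1000 / rate */
};

/* Like ipt_limit's checkentry: start with a full bucket of 'burst'
 * packets and refill one packet's worth of credit every 1000/rate ms. */
static void limit_init(struct limit *l, unsigned rate_per_sec, unsigned burst)
{
    l->cost = 1000L / rate_per_sec;
    l->credit_cap = l->cost * burst;
    l->credit = l->credit_cap;
    l->prev = 0;
}

/* Like ipt_limit_match: 1 while under the limit (packet matches, the
 * rule's target fires), 0 once the bucket is drained. */
static int limit_match(struct limit *l, long now_ms)
{
    l->credit += now_ms - l->prev;
    l->prev = now_ms;
    if (l->credit > l->credit_cap)
        l->credit = l->credit_cap;
    if (l->credit >= l->cost) {
        /* We're underlimit: spend one packet's worth of credit. */
        l->credit -= l->cost;
        return 1;
    }
    return 0;
}

/* Jorge's two rules: "-m limit ... -j ACCEPT", then "--syn -j DROP". */
static enum verdict two_rule_verdict(struct limit *l, long now_ms)
{
    return limit_match(l, now_ms) ? ACCEPT : DROP;
}

/* The single rule Jorge wanted, which stock ipt_limit cannot express:
 * with Samuel's return-code swap the match fires only when OVER the
 * limit, the target is DROP, and non-matching packets fall through
 * (modelled here as ACCEPT). */
static enum verdict negated_rule_verdict(struct limit *l, long now_ms)
{
    int over_limit = !limit_match(l, now_ms);
    return over_limit ? DROP : ACCEPT;
}

/* Constructed SYN arrivals (ms): a burst of six, then three more 2 s later. */
static const long sample_arrivals[] = { 0, 10, 20, 30, 40, 50, 2000, 2010, 2020 };
#define NSAMPLE ((int)(sizeof sample_arrivals / sizeof sample_arrivals[0]))

/* Verdict of the two-rule set for the i-th sample packet. */
static enum verdict sample_two_rule_verdict(int i)
{
    struct limit l;
    limit_init(&l, 1, 4);
    enum verdict v = DROP;
    for (int k = 0; k <= i && k < NSAMPLE; k++)
        v = two_rule_verdict(&l, sample_arrivals[k]);
    return v;
}

/* 1 if the rule pair and the negated single rule agree on every packet. */
static int sample_formulations_agree(void)
{
    struct limit a, b;
    limit_init(&a, 1, 4);
    limit_init(&b, 1, 4);
    for (int k = 0; k < NSAMPLE; k++)
        if (two_rule_verdict(&a, sample_arrivals[k]) !=
            negated_rule_verdict(&b, sample_arrivals[k]))
            return 0;
    return 1;
}

struct pkt { long ms; const char *src; };

/* Samuel's closing question: the bucket is global. Four SYNs from one
 * address drain it, and the fifth SYN, from another host, is dropped.
 * Returns how many of the second host's SYNs the two-rule set drops. */
static int sample_victim_dropped(void)
{
    static const struct pkt flood[] = {
        { 0, "198.51.100.7" }, { 10, "198.51.100.7" },
        { 20, "198.51.100.7" }, { 30, "198.51.100.7" },
        { 35, "203.0.113.9" },
    };
    struct limit l;
    int dropped = 0;
    limit_init(&l, 1, 4);
    for (int k = 0; k < (int)(sizeof flood / sizeof flood[0]); k++)
        if (two_rule_verdict(&l, flood[k].ms) == DROP &&
            strcmp(flood[k].src, "203.0.113.9") == 0)
            dropped++;
    return dropped;
}

int main(void)
{
    for (int i = 0; i < NSAMPLE; i++)
        printf("t=%4ld ms  %s\n", sample_arrivals[i],
               sample_two_rule_verdict(i) == ACCEPT ? "ACCEPT" : "DROP");
    printf("formulations agree: %d, victim SYNs dropped: %d\n",
           sample_formulations_agree(), sample_victim_dropped());
    return 0;
}
```

With 1/s and a burst of 4, the first four SYNs of the constructed burst are accepted and the next two dropped; two seconds later the bucket has refilled only about two packets' worth, so two more pass and the third is dropped again. The two formulations give identical verdicts because both consult the same bucket and only invert the sense of the match. The last function shows the caveat behind Samuel's question: since there is one bucket for the whole INPUT chain, a SYN flood from a single address causes legitimate connection attempts from everyone else to be dropped, so a per-source bucket would be needed if the goal is to limit individual hosts rather than the interface as a whole.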