Ahh, I was wondering about this. I had put the limit rule in place and the drop after it, and found that it apparently shut everything out. So do I need to do all three then?
Establish rule
Limit rule
Drop rule
In that order?
Tib
On Wed, 26 Jan 2005, Mark Moseley wrote:
I'm guessing maybe you don't have a rule above that accepts established connections? e.g.

    iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state ESTABLISHED -j ACCEPT
If you don't have that, your established connection will soon deplete the 6/hr packets as well.
Though, as Jason mentioned, you probably want to poke a hole or two through for select known-good IPs.
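
Added example, not part of the original thread: a simplified Python model of first-match rule evaluation, showing why a limit rule followed by a drop rule cuts off a live SSH session unless the ESTABLISHED rule comes first. The exact limit rule (`-m limit --limit 6/hour -j ACCEPT`, default burst of 5), the token-bucket model and the sample traffic are assumptions constructed for illustration.

```python
# Constructed model of iptables first-match evaluation; not real netfilter code.
class Limit:
    """Token bucket like '-m limit --limit 6/hour' (burst 5 is the iptables default)."""
    def __init__(self, per_hour=6, burst=5):
        self.rate = per_hour / 3600.0   # tokens regained per second
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, now):
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1:
            self.tokens -= 1
            return True
        return False

def run(chain, packets):
    """Return the verdict for each (time, state) packet; the first matching rule wins."""
    verdicts = []
    for now, state in packets:
        for match, target in chain:
            if match(now, state):
                verdicts.append(target)
                break
    return verdicts

def make_chain(with_established):
    limit = Limit()
    chain = []
    if with_established:
        # iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state ESTABLISHED -j ACCEPT
        chain.append((lambda now, state: state == "ESTABLISHED", "ACCEPT"))
    # assumed limit rule: ... --dport 22 -m limit --limit 6/hour -j ACCEPT
    chain.append((lambda now, state: limit.allow(now), "ACCEPT"))
    # drop rule: ... --dport 22 -j DROP
    chain.append((lambda now, state: True, "DROP"))
    return chain

# Constructed traffic: one SSH session, a SYN then 19 packets, one per second.
SESSION = [(0, "NEW")] + [(t, "ESTABLISHED") for t in range(1, 20)]

def dropped(with_established):
    return run(make_chain(with_established), SESSION).count("DROP")

if __name__ == "__main__":
    print("limit + drop only:", dropped(False), "of", len(SESSION), "dropped")
    print("established first:", dropped(True), "of", len(SESSION), "dropped")
```

With the ESTABLISHED rule first, only the opening packet of each connection reaches the limit rule, so the budget is spent on new connection attempts rather than on session traffic.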