On another note; I was criticized for using -m limit --limit 2/minute -p tcp --dport 22 which was too perceived as too restrictive by some (or just one). Anyway, I've looked closer into the manpage of dstlimit and I would be glad to exchange my lines with -m dstlimit --dstlimit 2/minute --dstlimit-mode srcip-dstip -p tcp --dport 22 Comments please :) Jan Engelhardt -- | Gesellschaft fuer Wissenschaftliche Datenverarbeitung Goettingen, | Am Fassberg, 37077 Goettingen, www.gwdg.de
