Re: max-src-conn-rate (Connection rate throttling per IP)

Sascha Reissner wrote:
> iptables -I INPUT -i <interface> -p <protocol> --dport <port> -m state
> --state NEW -m recent --set
> iptables -I INPUT -i <interface> -p <protocol> --dport <port> -m state
> --state NEW -m recent --update --seconds 60 --hitcount 3 -j DROP
> Okay, you might run into problems if people use forged source IP addresses,
> since this would also block _new_ connection requests from this IP.
> 
> If someone has a smarter idea - let me know.

Why don't you add the "--rttl" parameter to the recent match extension? Here is a quote from the "iptables -m recent -h" output explaining it: "For check and update commands above. Specifies that the match will only occur if the source address and the TTL match between this packet and the one which was set. Useful if you have problems with people spoofing their source address in order to DoS you via this module."



Grant. . . .
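A complete version of the two-rule recipe with "--rttl" added, written out as an added example (not taken from either post). The interface, port, window and hit count are assumed values; the rules use a named recent list and the conntrack match instead of the older state match, and the function reads IPTABLES from the environment so it can be dry-run with IPTABLES=echo:

```shell
#!/bin/sh
# Per-source connection-rate throttling with the "recent" match, plus --rttl.
# --rttl makes the update rule match only if the TTL of this packet equals the
# TTL of the packet that created the entry, so an attacker spoofing a victim's
# address must also hit the victim's TTL as seen by this host to lock them out.
# Assumed parameters (not from the original thread): eth0, tcp/22, 3 new
# connections per 60 seconds, list name SSH.

ratelimit_rules() {
    iface=$1; proto=$2; port=$3; seconds=$4; hits=$5; name=$6
    ipt="${IPTABLES:-iptables}"   # IPTABLES=echo prints the rules instead of loading them

    # Rule 1: record (or refresh) the source address in the named recent list.
    # No target, so the packet continues to the next rule.
    "$ipt" -A INPUT -i "$iface" -p "$proto" --dport "$port" \
        -m conntrack --ctstate NEW \
        -m recent --set --name "$name"

    # Rule 2: drop if this source (same address AND same TTL) has now reached
    # $hits new connections within the last $seconds seconds. --update also
    # refreshes the timestamp, so a host that keeps retrying stays blocked.
    "$ipt" -A INPUT -i "$iface" -p "$proto" --dport "$port" \
        -m conntrack --ctstate NEW \
        -m recent --update --seconds "$seconds" --hitcount "$hits" --rttl --name "$name" \
        -j DROP
}
```

Because the set rule runs first, the packet that triggers the update rule is already counted, so with --hitcount 3 the third new connection inside the window is the first one dropped. Load the rules with `ratelimit_rules eth0 tcp 22 60 3 SSH` as root, or prefix `IPTABLES=echo` to review them first; the current list, including the recorded TTL per entry, can be inspected in /proc/net/xt_recent/SSH.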

