>> $ipt -A [INPUT|FORWARD] -i $IF_LAN -m state --state NEW -s $LAN_NET \
>>   -p tcp --syn -m limit --limit 3/sec -j ACCEPT
>
> If just ONE host from my $LAN_NET will exceed this limit, then ALL
> hosts in $LAN_NET will not be able to start new session... and this is
> bad. I want to limit 3/sec per host, not for all net....

Yes.. :-\

Maybe this post is of help then.

http://www.linux-noob.com/forums/index.php?showtopic=1829

Gr,
Rob
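
The starvation described in the quoted text, as an added simulation that is not part of the original thread: it models `-m limit --limit 3/sec` as one token bucket shared by every source and compares it with one bucket per source address, which is what iptables' `hashlimit` match does with `--hashlimit-mode srcip`. The host addresses, the traffic pattern and the function names are constructed for the example; the burst of 5 is the `limit` match's default.

```python
from collections import defaultdict

RATE, BURST = 3, 5      # --limit 3/sec; 5 is the limit match's default --limit-burst
NOISY, QUIET = "192.0.2.10", "192.0.2.20"   # constructed LAN hosts


class TokenBucket:
    """Integer token bucket: time in ms, tokens in 1/1000ths, so the math is exact."""

    def __init__(self, rate, burst):
        self.rate, self.cap = rate, burst * 1000
        self.tokens, self.last = self.cap, 0

    def allow(self, now_ms):
        # Refill for the elapsed time, capped at the burst size, then spend one token.
        self.tokens = min(self.cap, self.tokens + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


def sample_events(seconds=10):
    """Constructed traffic: NOISY sends 50 SYN/s, QUIET sends one SYN per second."""
    events = []
    for s in range(seconds):
        events += [(s * 1000 + i * 20, NOISY) for i in range(50)]
        events.append((s * 1000 + 990, QUIET))
    return sorted(events)


def simulate(events, per_source):
    """Return accepted NEW connections per source under a shared or per-source limit."""
    shared = TokenBucket(RATE, BURST)
    buckets = defaultdict(lambda: TokenBucket(RATE, BURST))
    accepted = {NOISY: 0, QUIET: 0}
    for now_ms, src in events:
        bucket = buckets[src] if per_source else shared
        if bucket.allow(now_ms):
            accepted[src] += 1
    return accepted


if __name__ == "__main__":
    ev = sample_events()
    print("shared bucket    :", simulate(ev, per_source=False))
    print("per-source bucket:", simulate(ev, per_source=True))
```

With the shared bucket the noisy host drains every token before the quiet host's SYN arrives; with per-source buckets the noisy host is still throttled but the quiet host is unaffected.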