Hi,
I'm new to IP Tables in general, but I've been able to whack away at the
rules to get connlimit to do what I want. Now I'm trying to do something
more sophisticated, but it doesn't seem to work.
My ultimate goal is to allow most Web users to access my site, but to slow
down the abusers. So, for example, I want to let in the first 10 HTTP
connections in, and then after that, limit that IP to only 20 connections per
minute afterwards. (And then after a certain point, connlimit will block any
additional connections by that IP.)
I'm using a vanilla 2.6.21.3 Linux kernel, but I can't figure out how to
do it.
I think hashlimit is the key, but it really just doesn't want to work for
me. For example, I've tried:
iptables -A INPUT -p tcp --dport 23 -m hashlimit --hashlimit 1/hour
--hashlimit-mode srcip --hashlimit-burst 1 --hashlimit-name test
-j REJECT
but I can open up more than 1 telnet session in under a minute, let alone
an hour.
I've read and re-read the hashlimit man page, tried various arguments that
I've found on on the Web, all to now avail.
Any and all suggestions are welcomed.
Thanks.
John
--
+-------------------------------------+-------------------------------------+
| John Jung (john.j.jung@xxxxxxxxxxx) | Siemens Automation and Drives |
| Support Engineer | UGS PLM Software |
| Customer Support - GTAC | 10824 Hope Street, MS: 1177 |
| Operating Systems Group | Cypress, California 90630 |
+--------------------------- +1 (800) 955-0000 -----------------------------+