John Jung wrote:
Hi,
I'm new to IP Tables in general, but I've been able to whack away at
the rules to get connlimit to do what I want. Now I'm trying to do
something more sophisticated, but it doesn't seem to work.
My ultimate goal is to allow most Web users to access my site, but
to slow down the abusers. So, for example, I want to let the first
10 HTTP connections in, and then after that, limit that IP to only 20
connections per minute afterwards. (And then after a certain point,
connlimit will block any additional connections by that IP.)
I'm using a vanilla 2.6.21.3 Linux kernel, but I can't figure out
how to do it.
I think hashlimit is the key, but it really just doesn't want to
work for me. For example, I've tried:
iptables -A INPUT -p tcp --dport 23 -m hashlimit --hashlimit 1/hour \
    --hashlimit-mode srcip --hashlimit-burst 1 --hashlimit-name test \
    -j REJECT
but I can open up more than 1 telnet session in under a minute, let
alone an hour.
I've read and re-read the hashlimit man page, tried various
arguments that I've found on the Web, all to no avail.
Any and all suggestions are welcomed.
If you're using iptables, what OS are you using? Why are you using the
telnet port (23) instead of the SSH port (22)?
--
--------------------------------------------------
RCHQ Hobbies cc
http://www.rchq.co.za and http://store.rchq.co.za
Fax: +27 86 652 2773 eMail: admin@xxxxxxxxxx
P O Box 10376, Vorna Valley, Midrand, 1686
--------------------------------------------------
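An added worked example for the "first N connections free, then rate-limited" goal described in the question; this is not code from either poster. Two things bite in the rule quoted above: hashlimit matches packets that are still *within* the limit, so jumping to REJECT on a match refuses the first packet and lets the excess through, and hashlimit counts every packet unless the rule is restricted to connection-opening SYNs. The script below assumes iptables with the hashlimit and connlimit matches (both available on a 2.6.21 kernel), HTTP on port 80, and the older `--hashlimit N/unit` ("up to") syntax; the chain name `HTTP_LIMIT`, the function name and the `IPTABLES` override variable are this example's own choices.

```sh
#!/bin/sh
# Added example, not from the original thread. Assumes iptables with the
# hashlimit and connlimit matches, HTTP on port 80, and the old
# "--hashlimit N/unit" (up-to) syntax of xt_hashlimit on 2.6.21.
# Set IPTABLES=echo to print the rules instead of loading them.
IPTABLES=${IPTABLES:-iptables}

# http_limit_rules BURST RATE MAXCONN
#   BURST   - connections a new source may open before the rate applies
#   RATE    - sustained rate per source afterwards, e.g. 20/min
#   MAXCONN - hard cap on simultaneous connections per source (connlimit)
http_limit_rules() {
    burst=$1; rate=$2; maxconn=$3

    # Dedicated chain (name chosen for this example) so the accept/reject
    # pair always stays together.
    $IPTABLES -N HTTP_LIMIT

    # hashlimit matches packets that are WITHIN the limit, so the action on a
    # match must be ACCEPT. Putting REJECT here (as in the question) rejects
    # the first packet and passes everything over the limit.
    $IPTABLES -A HTTP_LIMIT -m hashlimit \
        --hashlimit "$rate" --hashlimit-burst "$burst" \
        --hashlimit-mode srcip --hashlimit-name http -j ACCEPT

    # Everything past the limit is refused with a TCP reset.
    $IPTABLES -A HTTP_LIMIT -j REJECT --reject-with tcp-reset

    # Hard ceiling on concurrent connections per source, checked first.
    $IPTABLES -A INPUT -p tcp --dport 80 --syn \
        -m connlimit --connlimit-above "$maxconn" -j REJECT --reject-with tcp-reset

    # Only connection openings (SYN) are rate-limited. Without --syn,
    # hashlimit counts every packet of every connection, so a single
    # session drains a small bucket on its own.
    $IPTABLES -A INPUT -p tcp --dport 80 --syn -j HTTP_LIMIT

    # Packets of already-admitted connections pass (matters if the INPUT
    # policy is DROP; harmless with a default ACCEPT policy).
    $IPTABLES -A INPUT -p tcp --dport 80 -m state --state ESTABLISHED -j ACCEPT
}

# Load the rules only when run as "./script apply": first 10 connections
# free, then 20 per minute per source, never more than 50 open at once.
if [ "${1:-}" = "apply" ]; then
    http_limit_rules 10 20/min 50
fi
```

Run it with `IPTABLES=echo ./script apply` first to review the generated rules; `--hashlimit-burst 10` with `--hashlimit 20/min` is exactly the "first 10 free, then 20 a minute" behaviour asked for, and the connlimit rule gives the hard cap mentioned at the end of the question. The same pattern (hashlimit ACCEPT followed by an unconditional REJECT) also reproduces the telnet test from the question correctly if port 23 and `1/hour` are substituted.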