On 11/27/07 15:28, Quartexx wrote:
> Is it possible to use stateful tracking options?

Yes

> I mean set limits related to filter rules that create state entries;
> for example: limit the number of source IP addresses that can
> simultaneously create state, or limit the rate of new connections to
> a certain amount per time interval.

I'd say that you could do something with the recent match extension /
target. This would allow you to do some things in conjunction with
whether or not a given source IP address is in a given recent list (you
can have multiple) or not in a (user) specified amount of time.
You would end up checking a recent list to see if the given source
qualifies to alter state or not.
Grant. . . .
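
One way to apply the recent match described above to the second case in the question (rate of new connections per source), as an added example that is not from the thread. The port (22), the list name `newconn` and the limit of 4 new connections per 60 seconds are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): generate iptables-restore rules that
# rate-limit NEW connections per source address with the "recent" match.
# Assumed defaults: TCP port 22, list "newconn", 4 attempts per 60 seconds.

gen_recent_rules() {
    port=$1; seconds=$2; hitcount=$3; list=${4:-newconn}

    # xt_recent keeps ip_pkt_list_tot timestamps per address (default 20);
    # a rule asking for a larger hit count is rejected when it is loaded.
    case $hitcount in ''|*[!0-9]*) return 2 ;; esac
    [ "$hitcount" -ge 1 ] && [ "$hitcount" -le 20 ] || return 2

    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Packets of already tracked connections never touch the recent list.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Source already has $hitcount attempts recorded in the last $seconds s:
# refresh its entry and refuse to let this packet create state.
-A INPUT -p tcp --dport $port -m state --state NEW -m recent --name $list --update --seconds $seconds --hitcount $hitcount -j DROP
# Otherwise record the attempt and let the connection create state.
-A INPUT -p tcp --dport $port -m state --state NEW -m recent --name $list --set -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for review. Loading it with iptables-restore replaces the
# whole filter table, so merge the two recent rules into an existing ruleset
# rather than loading this output as-is on a configured host.
gen_recent_rules "${1:-22}" "${2:-60}" "${3:-4}"
```

Because the DROP rule uses `--update`, a source that keeps retrying while blocked keeps refreshing its own entry and stays blocked until it has been quiet for the full interval.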