"Adem" wrote:
>
> How would you code this rule in iptables:
>
> If anybody tries to do more than 1 connection to port 8191
> within 20 seconds, regardless of the protocol, then DROP
> it and ignore any further connect attempts on that port
> from that source for 20 seconds.

The following should work, but it somehow doesn't work in iptables v1.4.1.1:

...

# if anybody from the list WATCHLIST, and in the last 20 sec, tries to do new connect attempts then DROP them!
/sbin/iptables -A INPUT --match recent --name WATCHLIST --rcheck --seconds 20 -j DROP

# accept client at port 8191 (all protocols) and register in WATCHLIST
# BUG: if "-p XXX" is left out or if instead "-p all" is used then the rule gets eliminated!
/sbin/iptables -A INPUT -p all --dport 8191 --match recent --name WATCHLIST --set -j DROP

...

It works only if "-p tcp" is specified. Isn't that a bug in iptables?
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
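As an added example, not part of the message above or of the netfilter project: `--dport` is an option of the per-protocol matches (tcp, udp, udplite, sctp, dccp), which is why iptables rejects it when `-p` is absent or `-p all`. Protocols without ports (ICMP, for instance) have no "port 8191" to match, so "regardless of the protocol" in practice means one rule pair per port-carrying protocol. The script below builds the WATCHLIST rules that way, with the `--rcheck` rule placed before the `--set` rule so a source that has already been registered in the last 20 seconds is dropped before it can be re-registered. The `IPT` variable, the `dryrun` helper and the `-m conntrack --ctstate NEW` qualifier are this example's own additions: `IPT` defaults to a print-only function so the script can be inspected without root, and is set to `/sbin/iptables` to apply the rules.

```shell
#!/bin/sh
# Added example: rate-limit new connections to port 8191 with the
# "recent" match, one rule pair per port-carrying protocol (tcp, udp).
# Assumption: IPT defaults to the dryrun function below so the rules
# are only printed; run with IPT=/sbin/iptables as root to install them.

dryrun() { printf '%s\n' "$*"; }

IPT="${IPT:-dryrun}"
PORT="${PORT:-8191}"
WINDOW="${WINDOW:-20}"
LIST="${LIST:-WATCHLIST}"

# Emit the rules for one protocol. Order matters:
#  1. a source already on $LIST within the last $WINDOW seconds is dropped
#     (--rcheck does not refresh the timestamp, so the block lasts exactly
#     $WINDOW seconds after the first accepted connection);
#  2. otherwise the first new connection is accepted and the source is
#     registered on $LIST (--set).
rules_for_proto() {
    proto="$1"
    "$IPT" -A INPUT -p "$proto" --dport "$PORT" -m conntrack --ctstate NEW \
        -m recent --name "$LIST" --rcheck --seconds "$WINDOW" -j DROP
    "$IPT" -A INPUT -p "$proto" --dport "$PORT" -m conntrack --ctstate NEW \
        -m recent --name "$LIST" --set -j ACCEPT
}

# Both protocols share the same list, so a source that connected over
# tcp is also blocked from connecting over udp within the window.
watchlist_rules() {
    rules_for_proto tcp
    rules_for_proto udp
}

watchlist_rules
```

If the block should instead be extended by every further attempt (the poster's "ignore any further connect attempts ... for 20 seconds" can be read either way), replace `--rcheck` with `--update` in the first rule of each pair; `--update` refreshes the entry's timestamp on every hit. Without `-m conntrack --ctstate NEW`, the rules would also count every packet of an established connection against the source.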