On Tue, 2008-11-25 at 19:38 +0100, Adem wrote:
> How would you code this rule in iptables:
>
> If anybody tries to do more than 1 connection to port 8191
> within 20 seconds, regardless of the protocol, then DROP
> it and ignore any further connect attempts on that port
> from that source for 20 seconds.

NOTE: this is completely untested:

iptables -A INPUT -p tcp --dport 8191 --match state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --dport 8191 --match state --state NEW --match recent --name THROTTLE --set
iptables -A INPUT -p tcp --dport 8191 --match state --state NEW --match recent --name THROTTLE --update --seconds 20 --hitcount 2 --rttl -j DROP

Same rules for '-p udp'.

Cheers,

-- 
Matt Zagrabelny - mzagrabe@xxxxxxxxx - (218) 726 8844
University of Minnesota Duluth
Information Technology Systems & Services

PGP key 1024D/84E22DA2 2005-11-07
Fingerprint: 78F9 18B3 EF58 56F5 FC85 C5CA 53E7 887F 84E2 2DA2

He is not a fool who gives up what he cannot keep to gain what he cannot lose.
-Jim Elliot
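Added example, not part of the mail above: a small Python model of the three rules Matt posted, so the "--hitcount 2 within --seconds 20" behaviour can be traced packet by packet without loading the rules on a live box. The model follows the recent match's logic as I understand it (--set always matches and stamps the source; --update matches only when the source already has at least --hitcount stamps inside the window, and on a match adds one more stamp, which is what keeps a retrying client blocked). --rttl, the per-entry stamp limit and the later rules of INPUT are not modelled; the packets are constructed tuples, not captured traffic.

```python
# Added example (not code from the original mail): a model of the two
# "recent" rules plus the ESTABLISHED,RELATED rule for port 8191.
#
# Assumed xt_recent semantics (from the module's source, not verified on
# the 2008 kernel the thread was written against):
#   --set     : always matches; creates the source's entry or appends a stamp.
#   --update  : matches only if the entry already holds >= --hitcount stamps
#               not older than --seconds (inclusive boundary); on a match the
#               current time is appended, so every dropped retry extends the
#               block by a further window.
# Not modelled: --rttl (TTL must match), the per-entry stamp cap, conntrack.

WINDOW_SECONDS = 20   # --seconds 20
HITCOUNT = 2          # --hitcount 2


class RecentList:
    """One named list (--name THROTTLE) keyed by source address."""

    def __init__(self):
        self.entries = {}  # src -> list of timestamps in seconds

    def set(self, src, now):
        # --set: unconditionally record this packet for its source.
        self.entries.setdefault(src, []).append(now)

    def update(self, src, now, seconds, hitcount):
        # --update --seconds N --hitcount M: true when at least M stamps fall
        # inside [now - N, now]; refresh the entry on a match, as the kernel does.
        stamps = self.entries.get(src)
        if stamps is None:
            return False
        hits = 0
        for stamp in stamps:
            if stamp < now - seconds:   # older than the window: ignored
                continue
            hits += 1
            if hits >= hitcount:
                stamps.append(now)      # the "update" part of --update
                return True
        return False


def input_chain(packets):
    """Run constructed packets through the three rules for port 8191.

    Each packet is (time, src, ctstate). Returns one verdict per packet:
    'ACCEPT' (rule 1), 'DROP' (rule 3) or 'PASS' (no rule terminated; the
    packet falls through to whatever follows in INPUT, e.g. the chain policy).
    """
    throttle = RecentList()
    verdicts = []
    for now, src, state in packets:
        if state in ("ESTABLISHED", "RELATED"):
            verdicts.append("ACCEPT")         # rule 1
            continue
        if state == "NEW":
            throttle.set(src, now)            # rule 2 has no -j: falls through
            if throttle.update(src, now, WINDOW_SECONDS, HITCOUNT):
                verdicts.append("DROP")       # rule 3
                continue
        verdicts.append("PASS")
    return verdicts


# Constructed timeline (not captured traffic): one well-behaved client and one
# that keeps reconnecting.  Times are seconds, packets are in arrival order.
SAMPLE = [
    (0,  "10.0.0.1", "NEW"),          # first connection: 1 stamp only -> PASS
    (0,  "10.0.0.2", "NEW"),          # PASS
    (1,  "10.0.0.1", "ESTABLISHED"),  # data on the accepted connection -> ACCEPT
    (5,  "10.0.0.2", "NEW"),          # second NEW within 20 s -> DROP, entry refreshed
    (21, "10.0.0.1", "NEW"),          # 21 s after its first NEW: outside window -> PASS
    (24, "10.0.0.2", "NEW"),          # 19 s after the refresh at t=5 -> still DROP
    (45, "10.0.0.2", "NEW"),          # 21 s of silence since the last stamp -> PASS
]

if __name__ == "__main__":
    for (t, src, state), verdict in zip(SAMPLE, input_chain(SAMPLE)):
        print(f"t={t:>3} {src} {state:<11} -> {verdict}")
```

Two things the trace makes visible: the --set stamp for the packet being evaluated is itself counted by --update, so "more than 1 connection in 20 seconds" is indeed --hitcount 2, not 1; and because --update adds a stamp on every match, a source is only unblocked after more than 20 seconds with no NEW packets at all. For TCP that includes the client's own SYN retransmissions, which are NEW packets in conntrack terms and so keep refreshing the entry.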