Marek Kierdelewicz wrote:
> Hello,
>
>>> Any clue ?
>>
>
> You're on the right track. Just use "hashlimit" module instead of
> "limit". Use option "--hashlimit-mode srcip". All necessary info is in
> iptables manpage.
>

Thanks a lot, what about this ruleset?

iptables -A INPUT -p tcp --syn -m hashlimit \
    --hashlimit 1/sec --hashlimit-burst 4 --hashlimit-htable-expire 300000 \
    --hashlimit-mode srcip --hashlimit-name testlimit -j ACCEPT
iptables -A INPUT -j DROP

The concept here: the blocked IP doing the SYN flood will be blacklisted
for 5 min and will be checked again after that interval.

> Best regards,
> Marek
>

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
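As an added illustration of the hashlimit approach Marek recommends (this is not the poster's ruleset and not anything from the netfilter project), the script below builds a per-source SYN rate limit with the same rate, burst and 5-minute idle expiry, but arranges the rules so that already-accepted connections keep flowing and only the excess SYNs from a noisy source are dropped. The chain layout, the `synlimit` table name, the `IPT` dry-run override and the default values are assumptions of this example; `--hashlimit-above` is the xt_hashlimit option that matches once a source exceeds the rate.

```shell
#!/bin/sh
# Added example, not the poster's rules. Assumptions: the INPUT chain is
# otherwise empty, the table name "synlimit" is ours, and IPT may be
# overridden (e.g. IPT="echo iptables") to print the rules instead of
# loading them.

IPT="${IPT:-iptables}"
RATE="${RATE:-1/sec}"             # sustained new-connection rate per source
BURST="${BURST:-4}"               # SYNs allowed before the rate applies
EXPIRE_MS="${EXPIRE_MS:-300000}"  # idle hashtable entry lifetime (5 min)

syn_limit_rules() {
    # 1. Packets of connections that were already accepted pass first, so a
    #    later DROP cannot cut off the rest of a TCP session.
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 2. A source whose SYN rate is above RATE (after BURST) gets its extra
    #    SYNs dropped; other sources are unaffected because the counter is
    #    keyed on srcip. The entry disappears EXPIRE_MS after the source
    #    goes quiet, at which point it starts with a fresh burst allowance.
    $IPT -A INPUT -p tcp --syn -m hashlimit \
        --hashlimit-above "$RATE" --hashlimit-burst "$BURST" \
        --hashlimit-mode srcip --hashlimit-name synlimit \
        --hashlimit-htable-expire "$EXPIRE_MS" -j DROP

    # 3. SYNs within the limit continue to the normal service rules.
    $IPT -A INPUT -p tcp --syn -j ACCEPT
}

# Load the rules only when invoked as "sh script.sh apply".
if [ "${1:-}" = "apply" ]; then
    syn_limit_rules
fi
```

Run with `IPT="echo iptables" sh script.sh apply` to review the generated commands before loading them; `iptables -L INPUT -v` afterwards shows the per-rule counters, and `/proc/net/ipt_hashlimit/synlimit` lists the sources currently being tracked.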