Pascal Hambourg wrote:
> Hello,
>
> J. Bakshi wrote:
>
>> check limit ( say 10/min) --> check connlimit ( 2 per ip ) --> check
>> hashlimit ( 2 attempts per min) ---> ACCEPT.
>>
>> I have made a chain called sshrate but don't find the way to append the
>> rules in that chain one by one. If I simply append the rules as accept
>> then the very first rule is working bypassing the other two and my
>> objective is to pass the rules in a pipe one by one and finally accept
>> the valid packets. Could anyone enlighten me in that direction ?
>>
>
> DROP (or REJECT) packets which fail early checks if possible :
>
> -A sshrate -m <!check1> -j DROP
> -A sshrate -m <!check2> -j DROP
> -A sshrate -m <check3> -j ACCEPT
>
> or put all checks in the same rule if possible :
>
> -A sshrate -m <check1> -m <check2> -m <check3> -j ACCEPT
>

Very nice. The second one is really nice. Many many thanks.

> or cascade chains :
>
> -A sshrate -m <check1> -j check1ok
> -A check1ok -m <check2> -j check2ok
> -A check2ok -m <check3> -j ACCEPT
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
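The rule layouts discussed in this thread, compared in a small traversal model. This is an added example, not code from either poster or from netfilter: the `run`, `verdict` and `accepted` helpers and the layout names are hypothetical, the cascade's last rule tests check3, and it assumes a packet that leaves `sshrate` without a verdict is dropped by the calling chain.

```python
# Added example: toy model of iptables rule traversal, not netfilter code.
from itertools import product

ACCEPT, DROP = "ACCEPT", "DROP"
CHECKS = ("check1", "check2", "check3")

def run(chains, name, pkt):
    """Walk one chain; return ACCEPT/DROP, or None at chain end (implicit RETURN)."""
    for matches, target in chains[name]:
        # Matches within one rule are ANDed; a leading "!" inverts a match.
        if all(pkt[m.lstrip("!")] != m.startswith("!") for m in matches):
            if target in (ACCEPT, DROP):
                return target                    # terminating target ends traversal
            result = run(chains, target, pkt)    # jump into a user-defined chain
            if result:
                return result
    return None

def verdict(chains, pkt, fallthrough=DROP):
    """Assumption: packets leaving sshrate without a verdict are dropped by the caller."""
    return run(chains, "sshrate", pkt) or fallthrough

LAYOUTS = {
    # The layout from the question: each check ACCEPTs by itself.
    "accept_each": {"sshrate": [(["check1"], ACCEPT), (["check2"], ACCEPT),
                                (["check3"], ACCEPT)]},
    # The three layouts suggested in the reply.
    "drop_on_fail": {"sshrate": [(["!check1"], DROP), (["!check2"], DROP),
                                 (["check3"], ACCEPT)]},
    "single_rule": {"sshrate": [(list(CHECKS), ACCEPT)]},
    "cascade": {"sshrate": [(["check1"], "check1ok")],
                "check1ok": [(["check2"], "check2ok")],
                "check2ok": [(["check3"], ACCEPT)]},
}

def accepted(layout):
    """Set of (check1, check2, check3) outcomes that the layout ACCEPTs."""
    return {bits for bits in product((True, False), repeat=3)
            if verdict(LAYOUTS[layout], dict(zip(CHECKS, bits))) == ACCEPT}

if __name__ == "__main__":
    for name in LAYOUTS:
        print(f"{name:13} accepts {len(accepted(name))} of 8 outcome combinations")
```

The `accept_each` layout lets through any packet that passes a single check, while the three suggested layouts accept only packets that pass all three.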