Re: ssh overflow blacklisting not working properly

On 29 March 2010 08:31, J. Bakshi <joydeep@xxxxxxxxxxxxxxx> wrote:
>
> iptables -A INPUT -p tcp -m state --state NEW --dport $SSH_PORT -m
> hashlimit \
> --hashlimit 3/min --hashlimit-burst 1 --hashlimit-htable-expire 180000 \
> --hashlimit-mode srcip --hashlimit-name sshlimit -j ACCEPT
>
> #----------------------------------------#
>
> As expected, connection attempts beyond 3 in a minute are dropped,
> ensuring only 3 connections per minute. But it should also block the source
> IP for 3 min, and this part is not working here. Could anyone kindly
> suggest any clue or reason behind this?


Unless you have other rules floating around, all the rule does is allow
up to 3 connections per minute to ssh based on source IP. It won't
block other connections from that source IP, just the ssh ones which
exceed your defined limit (3/min).

I'd guess from your comments there are additional rules; without
seeing them, though, it's very hard to work out what is wrong, as all I can
say is that the rule does its job... blocking ssh > 3 connection attempts
per min per source IP.

R.
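As an added example (not from either poster), here is the hashlimit rule from the question together with the extra xt_recent (`-m recent`) rules that actually record an offending source and drop it for 180 s, which hashlimit alone never does. The table name `sshban`, the helper names and the default port are assumptions of this example.

```shell
#!/bin/sh
# Added example: hashlimit only rate-limits matching NEW packets; to block a
# source IP for a period, the "recent" module must record it and a separate
# rule must drop recorded sources until the timeout expires.
# Table names "sshlimit"/"sshban" and the default port 22 are assumptions.

# Print the three rules, in the order they must appear in INPUT, for a given
# ssh port ($1, default 22) and block time in seconds ($2, default 180).
build_ssh_rules() {
    port="${1:-22}"
    block="${2:-180}"
cat <<EOF
iptables -A INPUT -p tcp -m state --state NEW --dport $port -m recent --name sshban --rcheck --seconds $block -j DROP
iptables -A INPUT -p tcp -m state --state NEW --dport $port -m hashlimit --hashlimit 3/min --hashlimit-burst 1 --hashlimit-htable-expire 180000 --hashlimit-mode srcip --hashlimit-name sshlimit -j ACCEPT
iptables -A INPUT -p tcp -m state --state NEW --dport $port -m recent --name sshban --set -j DROP
EOF
}
# Rule 1: a source already in sshban (seen within $block s) is dropped outright.
# Rule 2: sources within the hashlimit budget are accepted.
# Rule 3: anything past the budget is recorded in sshban and dropped; the
#         --set refreshes the timestamp, so the block is $block s from the
#         last excess attempt.

# List source IPs currently held in the ban table (needs root; the file only
# exists once a rule referencing the table has been loaded).
list_banned() {
    [ -r /proc/net/xt_recent/sshban ] || return 0
    sed -n 's/^src=\([^ ]*\).*/\1/p' /proc/net/xt_recent/sshban
}

# Usage: sh ssh_block.sh [port] [seconds]          prints the rules
#        APPLY=1 sh ssh_block.sh [port] [seconds]  applies them (run as root)
if [ "${APPLY:-0}" = 1 ]; then
    build_ssh_rules "$@" | sh
else
    build_ssh_rules "$@"
fi
```

After applying, `list_banned` shows which sources are currently being dropped, and `/proc/net/ipt_hashlimit/sshlimit` shows the per-source hashlimit buckets.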
