On 03/29/2010 01:48 PM, Richard Horton wrote:
> On 29 March 2010 08:31, J. Bakshi <joydeep@xxxxxxxxxxxxxxx> wrote:
>
>> iptables -A INPUT -p tcp -m state --state NEW --dport $SSH_PORT -m hashlimit \
>>     --hashlimit 3/min --hashlimit-burst 1 --hashlimit-htable-expire 180000 \
>>     --hashlimit-mode srcip --hashlimit-name sshlimit -j ACCEPT
>>
>> #----------------------------------------#
>>
>> As expected, connection attempts beyond 3 in a minute are dropped, which
>> ensures only 3 connections per minute. But it should also block the source
>> IP for 3 min, and this part is not working here. Could anyone kindly
>> suggest any clue or reason behind this?
>>
>
> Unless you have other rules floating around, all the rule does is allow
> up to 3 connections per minute to ssh based on source IP. It won't
> block other connections from that source IP, just the ssh ones which
> exceed your defined limit (3/min).
>
> I'd guess from your comments there are additional rules; without
> seeing them, though, it is very hard to work out what is wrong, as all I can
> say is that rule does its job... blocking ssh > 3 connection attempts
> per min per source IP.
>

Thanks for your attention. Yes, I have already mentioned that it does the
overflow restriction, i.e. 3 connections/per min/per src IP. But additionally
it should block that IP for 3 min as

    --hashlimit-htable-expire 180000

Unfortunately it is not doing that.

--
জয়দীপ বক্সী
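The following is an added example, not code from the thread or from the netfilter project: a small Python model of how the hashlimit match keeps per-source credit and when it forgets a source. It approximates xt_hashlimit's accounting (one match costs `60000/3` ms of credit for `3/min`, credit refills with elapsed time up to `burst` matches, and every packet from a source pushes that source's table entry expiry forward by `--hashlimit-htable-expire`); the timeline and the addresses are constructed. It shows why the rule above accepts up to the limit but never bans anyone: once the idle entry expires, the source is simply forgotten and starts again with a full burst.

```python
"""Toy model of iptables' hashlimit match (credit accounting + table expiry).
Constructed illustration; approximates xt_hashlimit, not the kernel code."""
from dataclasses import dataclass, field


@dataclass
class Entry:
    credit_ms: int   # spendable credit, in milliseconds of "rate time"
    last_seen: int   # ms, time of the last packet from this source
    expires: int     # ms, when the table entry is garbage-collected


@dataclass
class HashlimitTable:
    cost_ms: int                   # credit one match costs: 60_000 // 3 for --hashlimit 3/min
    burst: int                     # --hashlimit-burst 1
    expire_ms: int                 # --hashlimit-htable-expire 180000 (ms)
    entries: dict = field(default_factory=dict)

    @property
    def credit_cap(self) -> int:
        return self.burst * self.cost_ms

    def gc(self, now: int) -> None:
        """Forget sources idle for expire_ms. This is ALL htable-expire controls."""
        for key in [k for k, e in self.entries.items() if e.expires <= now]:
            del self.entries[key]

    def match(self, src: str, now: int) -> bool:
        """True when the hashlimit rule matches (-j ACCEPT in the thread's rule).
        False means 'no match': the packet falls through to the next rule;
        nothing is recorded as 'banned'."""
        self.gc(now)
        e = self.entries.get(src)
        if e is None:
            # A new (or forgotten) source starts with a full burst of credit.
            e = Entry(credit_ms=self.credit_cap, last_seen=now, expires=0)
            self.entries[src] = e
        else:
            elapsed = now - e.last_seen
            e.credit_ms = min(self.credit_cap, e.credit_ms + elapsed)
            e.last_seen = now
        # Every packet from the source renews its entry's expiry.
        e.expires = now + self.expire_ms
        if e.credit_ms >= self.cost_ms:
            e.credit_ms -= self.cost_ms
            return True
        return False

    def tracked(self, now: int) -> set:
        """Sources currently present in the hash table."""
        self.gc(now)
        return set(self.entries)


def simulate(attempts, cost_ms=60_000 // 3, burst=1, expire_ms=180_000):
    """attempts: list of (time_ms, src). Returns [(time_ms, src, matched)]."""
    table = HashlimitTable(cost_ms, burst, expire_ms)
    return [(t, src, table.match(src, t)) for t, src in attempts]


# Constructed timeline: one source (TEST-NET address) hammers SSH for half a
# minute, then stays quiet for more than 3 minutes and tries again.
ATTEMPTS = [(0, "198.51.100.7"), (5_000, "198.51.100.7"), (10_000, "198.51.100.7"),
            (20_000, "198.51.100.7"), (25_000, "198.51.100.7"), (400_000, "198.51.100.7")]

if __name__ == "__main__":
    for t, src, ok in simulate(ATTEMPTS):
        verdict = "ACCEPT (rule matched)" if ok else "no match, falls through"
        print(f"t={t // 1000:4d}s {src} -> {verdict}")
```

With `3/min` and `--hashlimit-burst 1`, the model matches the first attempt, refuses the ones at 5 s and 10 s, matches again at 20 s once a full credit has refilled, and at 400 s (more than 180 s of silence) the source's entry has already been dropped, so the attempt is accepted like a first contact. Whether the non-matching attempts are dropped depends entirely on what rule follows, and a time-limited block of the offending address has to come from a separate mechanism that records the address (the `recent` match is the usual choice), because hashlimit itself only answers match or no match.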