Re: ssh overflow blacklisting not working properly


On 03/29/2010 04:35 PM, Jan Engelhardt wrote:
> On Monday 2010-03-29 12:51, J. Bakshi wrote:
>> On 03/29/2010 01:48 PM, Richard Horton wrote:
>>> On 29 March 2010 08:31, J. Bakshi <joydeep@xxxxxxxxxxxxxxx> wrote:
>>>> iptables -A INPUT -p tcp -m state --state NEW --dport $SSH_PORT -m hashlimit \
>>>> --hashlimit 3/min --hashlimit-burst 1 --hashlimit-htable-expire 180000 \
>>>> --hashlimit-mode srcip --hashlimit-name sshlimit -j ACCEPT
>>>>
>>>> #----------------------------------------#
>>>>
>>>> As expected, connection attempts beyond 3 in a minute are dropped,
>>>> ensuring only 3 connections per minute. But it should also block the
>>>> source IP for 3 min, and this part is not working here.
>
> It should not block it, it's not part of the definition of the
> S-TBF (or any other) limiter. You have to use -m recent as a list
> to store entries once they have gone over their limit.


Could you kindly enlighten me in that direction, possibly with a few
examples.

thanks

-- 
জয়দীপ বক্সী
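One way to do what Jan describes, as an added example that is not part of the thread: keep the hashlimit rule from the original message for the per-source budget, and once a source exceeds it, record the address on an `-m recent` list so that every further new connection from it is dropped for 180 seconds. The chain name `SSH_GUARD`, the list name `sshblock` and the `IPT` dry-run variable are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the thread): rate-limit new SSH connections with
# hashlimit and, once a source goes over the limit, put it on an xt_recent
# list so it is dropped for 3 minutes. IPT defaults to a dry run that only
# prints the rules; run with IPT=iptables (as root) to install them.
IPT="${IPT:-echo iptables}"

ssh_guard_rules() {
    port="$1"          # SSH port, e.g. 22
    block="${2:-180}"  # blacklist duration in seconds (3 min)

    # Dedicated chain so the ordering below is easy to audit.
    $IPT -N SSH_GUARD
    $IPT -A INPUT -p tcp --dport "$port" -m state --state NEW -j SSH_GUARD

    # 1. Source listed within the last $block seconds: drop. --rcheck does
    #    not refresh the timestamp, so the block lasts exactly $block
    #    seconds from the moment the source was listed (use --update
    #    instead if every further attempt should extend the block).
    $IPT -A SSH_GUARD -m recent --name sshblock --rcheck --seconds "$block" -j DROP

    # 2. Within the per-source budget (3 new connections/min, as in the
    #    original rule): accept.
    $IPT -A SSH_GUARD -m hashlimit --hashlimit-upto 3/min --hashlimit-burst 1 \
        --hashlimit-mode srcip --hashlimit-name sshlimit \
        --hashlimit-htable-expire 180000 -j ACCEPT

    # 3. Over budget: record the source on the list (--set always matches)
    #    and drop this packet; rule 1 now catches it for $block seconds.
    $IPT -A SSH_GUARD -m recent --name sshblock --set -j DROP
}

# Listed addresses can be inspected in /proc/net/xt_recent/sshblock
# (/proc/net/ipt_recent/sshblock on older kernels).
ssh_guard_rules "${SSH_PORT:-22}"
```

Pass a second argument to `ssh_guard_rules` to change the block duration; the hashlimit values are the ones from the original rule and can be tuned the same way.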

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
