Re: ssh overflow blacklisting not working properly

On 03/29/2010 05:24 PM, Richard Horton wrote:
>> Could you kindly enlighten me in that direction with possibly a few
>> small examples.
>>
> # Generated by iptables-save v1.4.5 on Mon Mar 29 12:04:05 2010
> *filter
> :INPUT ACCEPT [1:68]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [1:68]
> -A INPUT -p tcp -m hashlimit --hashlimit-above 3/min --hashlimit-burst 1 --hashlimit-name hashlimit -m state --state NEW -m tcp --dport 22 -j MARK --set-xmark 0x1/0xffffffff
> -A INPUT -m recent --rcheck --seconds 600 --name DEFAULT --rsource -j DROP
> -A INPUT -m mark --mark 0x1 -m recent --set --name DEFAULT --rsource -j DROP
> COMMIT
> # Completed on Mon Mar 29 12:04:05 2010
>
> Should do what you're looking for...
>
> Rule 1: Check the hashlimit and if more than 3/min then mark the packets.
>
> Rule 2: Check the recent table to see if the address is in it and has
> been seen in the last 10 mins, and drop if it has.
>
> Rule 3: If the packet has been marked by rule 1 (actually this could be
> combined with rule one, it just gets to be a long line and a mess to
> explain), add the source address (the --set option of recent) and drop.
>

Unfortunately the rules are not working with a default DROP iptables policy :-(



-- 
জয়দীপ বক্সী

--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
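Editor's note on the quoted ruleset: it only works with INPUT policy ACCEPT, because nothing in it ever accepts the SSH connections that pass the checks; with policy DROP every new connection falls through to the policy and is dropped, which is what the reply above reports. A second, quieter problem is that the hashlimit rule has no --hashlimit-mode, so it keeps one global bucket and any three new connections per minute from anywhere trip the limit, rather than three from a single source. The script below is an added example, not code from this thread or from the netfilter project: a complete iptables-restore ruleset that does the same per-source blacklisting under a DROP policy. The chain and table names SSH_NEW, sshlimit and sshban, the use of port 22, and the -m conntrack match in place of the thread's -m state are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): SSH connection-rate blacklisting
# that works with INPUT policy DROP.  Assumptions: sshd on tcp/22, an
# iptables with the hashlimit, recent and conntrack matches, and the
# hypothetical names SSH_NEW (chain), sshlimit and sshban (tables).

# Emit the ruleset in iptables-save format, for iptables-restore.
ssh_ratelimit_rules() {
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:SSH_NEW - [0:0]
# With policy DROP nothing passes by default, so loopback and the
# packets of already established flows need explicit ACCEPTs.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m conntrack --ctstate INVALID -j DROP
# Only new SSH connections go through the rate-limit chain.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_NEW
# 1. Source already blacklisted and seen within the last 10 minutes: drop.
#    --rcheck does not refresh the timestamp, so the ban ends 600 s after
#    the offending burst; --update would extend it on every retry instead.
-A SSH_NEW -m recent --name sshban --rcheck --seconds 600 --rsource -j DROP
# 2. More than 3 new connections per minute from one source: record the
#    source in sshban and drop.  --hashlimit-mode srcip makes the bucket
#    per source; without it the limit is global.  The entry lifetime is
#    set explicitly so a bucket survives the whole one-minute window.
-A SSH_NEW -m hashlimit --hashlimit-mode srcip --hashlimit-above 3/min --hashlimit-burst 3 --hashlimit-htable-expire 60000 --hashlimit-name sshlimit -m recent --name sshban --set --rsource -j DROP
# 3. Anything still here is a well-behaved new SSH connection: accept it.
#    This is the rule the quoted ruleset lacks.
-A SSH_NEW -j ACCEPT
COMMIT
EOF
}

# Parse-check the ruleset without loading it.  Needs root and the kernel
# modules; otherwise report that the check was skipped and succeed.
ssh_ratelimit_rules_check() {
    if [ "$(id -u)" -ne 0 ] || ! command -v iptables-restore >/dev/null 2>&1; then
        echo "skipping iptables-restore --test (not root or no iptables)" >&2
        return 0
    fi
    ssh_ratelimit_rules | iptables-restore --test
}

# Load it for real: iptables-restore replaces the filter table atomically,
# so the old and new rule sets never coexist half-applied.
ssh_ratelimit_rules_apply() {
    ssh_ratelimit_rules | iptables-restore
}

# Usage:  sh ssh_ratelimit.sh         -> print the ruleset
#         sh ssh_ratelimit.sh check   -> iptables-restore --test (as root)
#         sh ssh_ratelimit.sh apply   -> load it (as root)
case "${1:-}" in
    apply) ssh_ratelimit_rules_apply ;;
    check) ssh_ratelimit_rules_check ;;
    *)     ssh_ratelimit_rules ;;
esac
```

Keep an established SSH session open while testing: because ESTABLISHED flows are accepted before the SSH_NEW chain, a mistake in the new rules locks out only new logins, not the session you are applying them from. To confirm the per-source behaviour, open four connections in quick succession from one host and watch the source appear in /proc/net/xt_recent/sshban; a second host must still be able to connect.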
