Hi Curby,

Thank you for your reply. SIP server and SIP endpoint are in the same LAN, so what do you think about network latency? Do I test with this:

-A INPUT -p udp -i eth0 --dport 5060 -m hashlimit --hashlimit 70/minute --hashlimit-burst 10 --hashlimit-mode srcip,srcport --hashlimit-name "cucku" -m string --string "REGISTER sip:" --algo bm --to 80 -j ACCEPT

The iptables still drop packets. I checked the man page again and see:

[--hashlimit-htable-gcinterval] interval between garbage collection runs

Could you guide me how to use it?

Thank you
Ha

----- Original Message ----
From: Curby <curby@xxxxxx>
To: ha do <haloha201@xxxxxxxxx>
Cc: netfilter@xxxxxxxxxxxxxxx
Sent: Wed, July 14, 2010 3:39:51 PM
Subject: Re: Help!!! iptables hashlimit

On Wed, Jul 14, 2010 at 2:03 AM, ha do <haloha201@xxxxxxxxx> wrote:
> I just set up the hashlimit for SIP REGISTER on iptables and the rule is:
> -A INPUT -p udp -i eth0 --dport 5060 -m hashlimit --hashlimit 1/minute
> --hashlimit-burst 2 --hashlimit-mode srcip,srcport --hashlimit-name "cucku" -m
> string --string "REGISTER sip:" --algo bm --to 80 -j ACCEPT
> I want the iptables just to accept 2 REGISTER packets per minute per IP
> address:port

There might be other issues, but you need hashlimit 2/minute to accept 2 packets per minute. Having a burst of 2 by itself is not sufficient.

Sometimes, due to network latency or other timing issues, you need to be even more accepting. For example, I've found that accepting "well-behaved" pings requires a minimum hashlimit of 61/min with burst of 2. When I lower either setting, iptables starts dropping the occasional ping packet.

--Mike
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
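A simplified model of hashlimit's credit bucket, added here as an example (not taken from this thread or from netfilter's own code), replaying the rule sizes discussed in both messages: 1/minute versus 2/minute with burst 2 for the REGISTER case, and the margin Mike needs for pings. The continuous-credit refill, the full bucket on first sight of a srcip,srcport pair, and the constructed traffic timings are assumptions of the model, not the kernel's exact integer arithmetic.

```python
# Added example: a simplified model of the iptables hashlimit token bucket.
# Assumptions of this model (not the kernel's exact arithmetic): credits are
# continuous floats, a new srcip,srcport entry starts with a full bucket of
# 'burst' credits, and one matching packet costs exactly one credit.
from dataclasses import dataclass, field


@dataclass
class HashLimit:
    avg_per_min: float          # --hashlimit N/minute (sustained refill rate)
    burst: int                  # --hashlimit-burst N (bucket capacity)
    credit: float = field(init=False)
    last: float = 0.0           # arrival time of the previous packet, seconds

    def __post_init__(self):
        self.credit = float(self.burst)   # bucket starts full

    def match(self, t: float) -> bool:
        """True if a packet arriving at time t (seconds) matches, i.e. hits -j ACCEPT."""
        refill = (t - self.last) * self.avg_per_min / 60.0
        self.credit = min(float(self.burst), self.credit + refill)
        self.last = t
        if self.credit >= 1.0:
            self.credit -= 1.0
            return True
        return False   # no credit: the packet falls through to later rules / the chain policy


def replay(avg_per_min: float, burst: int, arrivals: list) -> int:
    """Number of packets from `arrivals` (seconds) that the rule would accept."""
    hl = HashLimit(avg_per_min, burst)
    return sum(hl.match(t) for t in arrivals)


# Constructed traffic: one REGISTER every 30 s for 10 minutes (20 packets).
REGISTERS = [30.0 * i for i in range(20)]
# Constructed traffic: a well-behaved ping, one packet per second for 5 minutes.
PINGS = [float(i) for i in range(300)]

if __name__ == "__main__":
    # Ha's first rule: 1/minute with burst 2 passes the full bucket, then 1 per minute.
    print("1/minute burst 2:", replay(1, 2, REGISTERS), "of", len(REGISTERS))
    # Curby's correction: the sustained rate itself must be 2/minute.
    print("2/minute burst 2:", replay(2, 2, REGISTERS), "of", len(REGISTERS))
    # Ping case: a refill rate just under the arrival rate drains the bucket
    # slowly and drops the occasional packet; a small margin above it does not.
    print("59/minute burst 2:", replay(59, 2, PINGS), "of", len(PINGS))
    print("61/minute burst 2:", replay(61, 2, PINGS), "of", len(PINGS))
```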