Hi,

I've set up a few basic rules to throttle SMTP traffic from an individual host should they make more than 10 connections in ten seconds:

    iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set
    iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 10 --hitcount 10 -j LOG
    iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 10 --hitcount 10 -j DROP

Is this the correct way to do this?

I notice the seconds value can't be any greater than 20. What is the reason for this? I'd like to do something like permit up to 100 messages/connections over any 60-second period. Is this possible?

My hope is to block hundreds of connections on my mail server from bulk mail senders like constantcontact, as well as the flood of connections from spam bots that are rejected by zen anyway.

How can I tell what rules are currently in place for a particular IP? In other words, I see log entries for the initial block, but it doesn't appear that an actual rule is added, correct?

Thanks,
Alex
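As an added illustration (not from the post above and not netfilter code), this Python model replays the three rules against constructed connection bursts, once in the order the chain ends up in after three `-I` inserts (DROP, LOG, --set) and once as if they had been appended with `-A`. It assumes xt_recent's semantics as documented: `--set` records the packet's time for the source address, `--update` matches when at least `--hitcount` recorded times fall within the last `--seconds` seconds and then also records the current packet, and each address keeps at most `ip_pkt_list_tot` (default 20) times, which is also the ceiling on `--hitcount` unless the module is loaded with a larger value; the hosts, timings and helper names are hypothetical.

```python
from collections import defaultdict

IP_PKT_LIST_TOT = 20  # xt_recent default: stamps kept per address (ring buffer)

# Rule tuples are (mode, seconds, hitcount, target); target None = match-only rule.
INSERTED_CHAIN = [            # what three `iptables -I` calls leave in INPUT:
    ('update', 10, 10, 'DROP'),  # issued last, evaluated first
    ('update', 10, 10, 'LOG'),
    ('set', 0, 0, None),         # plain --set with no -j
]
APPENDED_CHAIN = list(reversed(INSERTED_CHAIN))  # same rules issued with -A

def _record(stamps, now):
    """Add a timestamp to an address's recent entry, keeping the newest 20."""
    stamps.append(now)
    if len(stamps) > IP_PKT_LIST_TOT:
        del stamps[0]

def run_chain(rules, events):
    """events: (time, src_ip) NEW SMTP connections in time order.
    Returns {target: [(time, src_ip), ...]} for each target that fired."""
    table = defaultdict(list)   # src_ip -> recorded timestamps
    fired = defaultdict(list)
    for now, src in events:
        stamps = table[src]
        for mode, seconds, hitcount, target in rules:
            if mode == 'set':
                _record(stamps, now)          # --set always matches and records
                continue
            if not stamps:                    # --update: no entry yet, no match
                continue
            hits = sum(1 for s in stamps if now - s <= seconds)
            if hits < hitcount:
                continue
            _record(stamps, now)              # --update records on a match
            fired[target].append((now, src))
            if target == 'DROP':              # DROP terminates, LOG does not
                break
    return fired

def burst(src, count, start=0.0, gap=0.5):
    """Constructed sample: `count` NEW connections from `src`, `gap` s apart."""
    return [(start + i * gap, src) for i in range(count)]

def fired_counts(rules):
    # A bulk sender: 15 connections in 7 s; a normal peer: 5 connections, 5 s apart.
    events = sorted(burst('198.51.100.7', 15) + burst('203.0.113.9', 5, gap=5.0))
    return {target: len(v) for target, v in run_chain(rules, events).items()}
```

With the `-I` ordering the DROP rule sits above the LOG rule and matches the same condition, so LOG never fires and blocking starts at the 11th connection; with `-A` ordering the 10th connection is both logged and dropped, and every later one as well.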