Quoting Secure-SIP-Server <info@xxxxxxxxxxxxxxxxxxxxx>:
Hi Alex!
I've set up a few basic rules to throttle SMTP traffic from an
individual host should they make more than 10 connections in ten
seconds:
# -I inserts at the top of INPUT, so the chain ends up in the reverse order of
# these commands; the LOG rule is issued last so that it sits above DROP and is
# actually reached.
iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 10 --hitcount 10 -j DROP
iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 10 --hitcount 10 -j LOG
Is this the correct way to do this? I notice the seconds value can't
be any greater than 20. What is the reason for this? I'd like to do
something like permit up to 100 messages/connections over any
60-second period. Is this possible?
You can't at the TCP/IP level. Modern mail servers are able to push a lot of
messages in *one* TCP/IP session (ESMTP). You can limit the max. number of
new connections per unit of time (recent) and the max. number of parallel
connections at a given time (connlimit), but not the number of messages,
with iptables or any other TCP/IP-based filter.
Regards
Andreas
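The two limits Andreas names, written out as a rule set (an added example, not from either poster): xt_recent caps the rate of NEW connections per source and xt_connlimit caps parallel connections per source. The chain name, the xt_recent table name, eth0 and the connlimit value of 10 are assumptions. The "20" the questioner ran into is the default of the xt_recent module parameter ip_pkt_list_tot, which bounds --hitcount (not --seconds): the module remembers that many timestamps per address. Older kernels need the parameter raised at load time, which the script does; recent kernels size the table from --hitcount itself, and the modprobe line is then harmless. Run with `apply` as root to load the rules; with no argument it prints them.

```shell
#!/bin/sh
# Added example, not from the original thread: throttle SMTP per source address
# with xt_recent (rate of NEW connections) and xt_connlimit (parallel connections).
# Interface, chain name, table name and PARALLEL are assumptions.
set -eu

IPT="${IPT:-iptables}"          # IPT=print_rule gives a dry run that only prints rules
MODPROBE="${MODPROBE:-modprobe}"
IFACE="${IFACE:-eth0}"          # interface from the posted rules
CHAIN=SMTP_THROTTLE             # assumed user chain name
TABLE=smtp                      # assumed xt_recent table name (/proc/net/xt_recent/smtp)
WINDOW=60                       # seconds
HITS=100                        # NEW connections allowed per source inside WINDOW
PARALLEL=10                     # simultaneous connections allowed per source (assumed)

print_rule() { printf '%s\n' "$*"; }

# Every rule in the chain shares the same tcp/25 match.
rule() { "$IPT" -A "$CHAIN" -p tcp --dport 25 "$@"; }

smtp_throttle_apply() {
    # xt_recent keeps ip_pkt_list_tot timestamps per address (20 by default) and
    # refuses a --hitcount above that. The parameter only takes effect if the
    # module is not loaded yet; otherwise put it in /etc/modprobe.d/ and reload,
    # and check /sys/module/xt_recent/parameters/ip_pkt_list_tot.
    "$MODPROBE" xt_recent ip_pkt_list_tot="$HITS"

    "$IPT" -N "$CHAIN" 2>/dev/null || "$IPT" -F "$CHAIN"

    # 1. Parallel connections: connlimit counts existing connections per source
    #    address (mask 32). LOG first, then DROP, so the event is recorded.
    rule -m connlimit --connlimit-above "$PARALLEL" --connlimit-mask 32 \
         -j LOG --log-prefix "SMTP connlimit: "
    rule -m connlimit --connlimit-above "$PARALLEL" --connlimit-mask 32 -j DROP

    # 2. Rate of new connections. Order matters: --rcheck and --update look at
    #    the timestamps already recorded for this source, so the 101st connection
    #    inside WINDOW is the first one dropped. LOG uses --rcheck so it adds no
    #    timestamp; the DROP rule's --update does, so attempts made while blocked
    #    still count and a host stays blocked while it keeps at least HITS
    #    attempts inside the window. --set at the end records accepted connections.
    rule -m recent --name "$TABLE" --rcheck --seconds "$WINDOW" --hitcount "$HITS" \
         -j LOG --log-prefix "SMTP rate: "
    rule -m recent --name "$TABLE" --update --seconds "$WINDOW" --hitcount "$HITS" -j DROP
    rule -m recent --name "$TABLE" --set

    # Only NEW connections on the outside interface enter the chain; -I puts the
    # jump in front of any existing ACCEPT for port 25.
    "$IPT" -I INPUT -p tcp --dport 25 -i "$IFACE" -m conntrack --ctstate NEW -j "$CHAIN"
}

case "${1:-}" in
    apply) smtp_throttle_apply ;;
    *)     IPT=print_rule; MODPROBE=print_rule; smtp_throttle_apply ;;   # dry run
esac
```

The dry run is also the way to review the chain order before loading it: the per-source connlimit check comes first, then the rate check with LOG above DROP, and the --set rule last so that only connections that passed both checks are recorded. Messages per session remain invisible to all of this, as Andreas says; that limit belongs in the MTA.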
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html