I have CentOS and iptables with the GeoIP module enabled.
So far I have this rule working, which works perfectly:
iptables -I INPUT -m geoip --src-cc GB -j DROP;
But I need to make it more complex:
Before dropping traffic I need to:
allow up to a connection limit of 50 for the entire country.
allow up to 30 requests/second to the entire country.
drop the particular IPs with -m recent and a timeout of 3800 for those
IPs from that country that violated that limit.
And finally log whatever has been dropped with excessive logging protection.
A plus: if I can get it to DROP the entire class C (/24) of the
offending IP that violated the limits instead of just the /32.
My idea is to get a working example so that I can apply it to other
countries or groups of countries based on my traffic.
Guys, an example of this is much appreciated!!
Regards,
Joseph
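One way to build the rule set Joseph describes, as an added example that is not part of the original post or a reply on the list. It assumes the geoip, connlimit, hashlimit, recent, limit and LOG extensions are present, that xt_recent supports --mask (used for the /24 ban; drop that option on older kernels to ban only the /32), and that the plain "-m geoip --src-cc GB -j DROP" rule is removed first, otherwise traffic under the limits still falls through to it. The chain and list names (GEO_GB, geo_GB_ban, rate_GB) are my own choices.

```shell
#!/bin/sh
# Added example, not from the original post.  Per-country limits in front of a
# GeoIP drop.  Set IPT=echo to preview the rules instead of loading them.
set -eu
IPT="${IPT:-iptables}"

# geo_limit_rules CC CONNLIMIT RATE_PER_SEC BAN_SECONDS [BAN_MASK]
#   CC           two-letter country code for -m geoip
#   CONNLIMIT    max concurrent connections for the whole country
#   RATE_PER_SEC max new connections per second for the whole country
#   BAN_SECONDS  how long an offender stays in the recent list
#   BAN_MASK     netmask applied to the recent list: 255.255.255.0 bans the
#                offender's /24, 255.255.255.255 only the host (needs --mask)
geo_limit_rules() {
    cc=$1; conns=$2; rate=$3; ban=$4; mask=${5:-255.255.255.0}
    chain="GEO_$cc"; drop="GEO_${cc}_DROP"; list="geo_${cc}_ban"

    $IPT -N "$chain"
    $IPT -N "$drop"

    # Everything dropped goes through one chain: rate-limited LOG, then DROP.
    $IPT -A "$drop" -m limit --limit 5/min --limit-burst 10 \
         -j LOG --log-prefix "geo-${cc}-drop: " --log-level 4
    $IPT -A "$drop" -j DROP

    # 1. Sources (or their /24) that violated a limit within BAN_SECONDS.
    $IPT -A "$chain" -m recent --name "$list" --mask "$mask" \
         --rcheck --seconds "$ban" -j "$drop"
    # 2. Country-wide connection cap: --connlimit-mask 0 puts every source
    #    into one bucket, so the limit counts the country as a whole.
    $IPT -A "$chain" -p tcp --syn -m connlimit --connlimit-above "$conns" \
         --connlimit-mask 0 -m recent --name "$list" --mask "$mask" --set -j "$drop"
    # 3. Country-wide new-connection rate: hashlimit without --hashlimit-mode
    #    is a single bucket shared by all sources.
    $IPT -A "$chain" -m conntrack --ctstate NEW -m hashlimit \
         --hashlimit-name "rate_$cc" --hashlimit-above "${rate}/sec" \
         --hashlimit-burst "$rate" -m recent --name "$list" --mask "$mask" --set -j "$drop"
    # Under the limits: hand the packet back to INPUT.
    $IPT -A "$chain" -j RETURN

    # Hook the country into INPUT (put this where the old GeoIP DROP was).
    $IPT -I INPUT -m geoip --src-cc "$cc" -j "$chain"
}

# Apply only when called with arguments, e.g.:  sh geo_limit.sh GB 50 30 3800
[ $# -eq 0 ] || geo_limit_rules "$@"
```

Offenders are re-checked with --rcheck, so the ban expires a fixed BAN_SECONDS after the last violation; the LOG limit of 5/min with a burst of 10 is the "excessive logging protection".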