Hi,

We recently had to implement per-IP address rate limiting using iptables with conntrack and hashlimit. The goal was to block connections from rogue clients in hot retry loops.

The post is written in a tutorial style, so it should hopefully be useful to new users. We're relatively new to Netfilter/iptables too, so if you have any feedback and/or corrections on the content, then please let us know.

Here's the post: https://making.pusher.com/per-ip-rate-limiting-with-iptables/

Regards,
Will