Hello,

I'm trying to implement rate limiting for my machine using iptables. The use case is to do 2 things:

1) block traffic from the same ip+port combination for 15 minutes if it gets more than 10 hits per minute.
2) block traffic from the same ip for 30 minutes if it gets more than 80 hits per minute.

For this I'm currently using these rules:

1) -A PREROUTING -p tcp -m tcp -m state --state NEW -m hashlimit --hashlimit-above 10/minute --hashlimit-burst 10 --hashlimit-mode srcip,dstport --hashlimit-name test10 --hashlimit-htable-expire 900000 -j ACCEPT

2) -A PREROUTING -p tcp -m tcp -m state --state NEW -m hashlimit --hashlimit-above 80/minute --hashlimit-burst 80 --hashlimit-mode srcip --hashlimit-name test80 --hashlimit-htable-expire 1800000 -j ACCEPT

But it's not quite working: as soon as it gets on the list, if you get another hit the timer gets reset to the default expire time, and it gets blocked on the first try even after the expire.

So are there any suggestions on how to achieve the use case, or what I'm doing wrong?

Thank you,
Francisco
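
One way to get fixed-length bans for the use case above, as an added example that is not part of the original post: hashlimit only detects the overrun, and an ipset entry with its own timeout holds the ban. The use of ipset, the set names ban_ip and ban_ip_port, the mangle table and the 60000 ms hashlimit expiry are assumptions.

```shell
#!/bin/sh
# Added example: hashlimit detects, ipset timeouts hold the ban.
# Set names and the mangle table are assumptions, not from the post.

# Input for "ipset restore". Timeouts are in seconds (15 and 30 minutes).
# The SET target below is used without --exist, so a source that is already
# in a set keeps its original timeout and repeated hits do not extend the ban.
ban_sets() {
cat <<'EOF'
create ban_ip_port hash:ip,port timeout 900
create ban_ip hash:ip timeout 1800
EOF
}

# Input for "iptables-restore".
# Order matters: the DROP rules come first, so traffic from a banned source
# never reaches hashlimit and cannot keep its bucket alive. The hashlimit
# entry only has to live for one refill period (60 s); the ban length lives
# in the ipset timeout instead of --hashlimit-htable-expire.
# The packet that trips a limit is still let through; everything after it
# is dropped until the set entry times out.
ban_rules() {
cat <<'EOF'
*mangle
-A PREROUTING -m set --match-set ban_ip src -j DROP
-A PREROUTING -p tcp -m set --match-set ban_ip_port src,dst -j DROP
-A PREROUTING -p tcp -m state --state NEW -m hashlimit --hashlimit-above 80/minute --hashlimit-burst 80 --hashlimit-mode srcip --hashlimit-name test80 --hashlimit-htable-expire 60000 -j SET --add-set ban_ip src
-A PREROUTING -p tcp -m state --state NEW -m hashlimit --hashlimit-above 10/minute --hashlimit-burst 10 --hashlimit-mode srcip,dstport --hashlimit-name test10 --hashlimit-htable-expire 60000 -j SET --add-set ban_ip_port src,dst
COMMIT
EOF
}

# Apply as root (sets must exist before the rules that reference them):
#   ban_sets  | ipset -exist restore
#   ban_rules | iptables-restore --noflush
```

Current bans and their remaining seconds can be read with `ipset list ban_ip` and `ipset list ban_ip_port`.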