Re: IPtables rate limiting question


>*raw
>:PREROUTING ACCEPT [0:0]
>:OUTPUT ACCEPT [0:0]
>:limitban - [0:0]
>-A PREROUTING ! -i lo -p tcp -m conntrack --ctstate NEW -j limitban
>-A limitban -m set --match-set banned src -j DROP
>-A limitban -m hashlimit --hashlimit-above 10/min --hashlimit-mode srcip --hashlimit-name test10 -j SET --add-set banned src --timeout 900
>-A limitban -m hashlimit --hashlimit-above 80/min --hashlimit-mode srcip --hashlimit-name test80 -j SET --add-set banned src
>-A limitban -m set --match-set banned src -j DROP
>COMMIT

>For this ruleset to be loadable, you'll first need to create the ipset that it references.

># ipset create banned hash:ip timeout 1800

Regarding not mentioning the tables: I was using the *nat table for
PREROUTING, and before that had tried to put the DROP rules in the *filter
table, which was not dropping the traffic.

OK, so the ipset suggestion worked! The current setup that works is
putting the DROP rules in the *raw table PREROUTING and the SET rules
in the *nat table PREROUTING. I also created one ipset for each use case.

Thank you very much for the help!
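As an added example (not part of this thread and not the ruleset quoted above), the following POSIX shell script generates the layout the reply describes: DROP rules matching the banned sets in the raw table's PREROUTING, hashlimit-driven SET rules in the nat table's PREROUTING, and one ipset per threshold. The set names (banned_slow, banned_fast), the hashlimit names (lb_slow, lb_fast) and the rates and ban timeouts are assumptions chosen to mirror the quoted thresholds and can be overridden through environment variables. The check_sets_defined function enforces the prerequisite the quoted reply points out, that every set the ruleset references must exist before iptables-restore loads it.

```shell
#!/bin/sh
# Added example, not from the thread: build (and optionally load) a
# two-ipset rate-limit ban layout. Names and defaults below are assumptions.
set -eu

SLOW_RATE="${SLOW_RATE:-10/min}"   # first threshold, as in the quoted ruleset
FAST_RATE="${FAST_RATE:-80/min}"   # second threshold
SLOW_BAN="${SLOW_BAN:-900}"        # seconds; explicit --timeout on the SET rule
FAST_BAN="${FAST_BAN:-1800}"       # seconds; inherited from the set's default timeout

# One set per use case. "-exist" makes re-running the script harmless.
ipset_commands() {
  printf 'ipset -exist create banned_slow hash:ip timeout %s\n' "$SLOW_BAN"
  printf 'ipset -exist create banned_fast hash:ip timeout %s\n' "$FAST_BAN"
}

# Only the raw and nat tables are emitted, so iptables-restore replaces
# just those two and leaves the filter table untouched.
build_ruleset() {
  cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -m set --match-set banned_slow src -j DROP
-A PREROUTING -m set --match-set banned_fast src -j DROP
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:limitban - [0:0]
-A PREROUTING ! -i lo -p tcp -m conntrack --ctstate NEW -j limitban
-A limitban -m hashlimit --hashlimit-above $SLOW_RATE --hashlimit-mode srcip --hashlimit-name lb_slow -j SET --add-set banned_slow src --timeout $SLOW_BAN
-A limitban -m hashlimit --hashlimit-above $FAST_RATE --hashlimit-mode srcip --hashlimit-name lb_fast -j SET --add-set banned_fast src
COMMIT
EOF
}

# Every set named by --match-set or --add-set in the generated ruleset.
referenced_sets() {
  build_ruleset | grep -oE -- '--(match|add)-set [A-Za-z0-9_]+' | awk '{print $2}' | sort -u
}

# Every set the ipset_commands output would create (4th word of each line).
defined_sets() {
  ipset_commands | awk '{print $4}' | sort -u
}

# Returns non-zero if the ruleset references a set that is never created;
# loading such a ruleset fails with "Set ... doesn't exist".
check_sets_defined() {
  for s in $(referenced_sets); do
    defined_sets | grep -qx "$s" || { echo "missing ipset: $s" >&2; return 1; }
  done
  return 0
}

# Create the sets first, then load the tables (requires root and iptables).
apply_ruleset() {
  check_sets_defined
  ipset_commands | sh -e
  build_ruleset | iptables-restore
}

if [ "${1:-}" = "apply" ]; then
  apply_ruleset
else
  build_ruleset
fi
```

Run it with no arguments to review the generated ruleset, or with `apply` as root to create the sets and load it. Two points worth keeping in mind when tuning the thresholds: hashlimit applies its default burst of 5 before `--hashlimit-above` starts matching, and the nat PREROUTING chain is consulted only for the first packet of a connection, which is why the `--ctstate NEW` match fits there.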

