>Any way to dynamically configure iptables in such an event if 6 or so different ports
>are scanned within a certain time, all ports are shut off to that IP ?
>
That's partially handled by iptables' limit module. For instance,

    iptables -A INPUT -p tcp --dport 80 -m limit --limit 1/s --limit-burst 1 -j ACCEPT

will allow HTTP packets through, so long as no more than 1 per
second arrive. It doesn't set up a permanent rule to block IPs, but
nonetheless works very well. You can even do

    iptables -A INPUT -p tcp --dport 80 -m limit --limit 1/s --limit-burst 3 -j ACCEPT

which has the same effect, but for each idle second another access
is accumulated, per second, to a maximum of three per second. This works
a little better, since HTTP connections tend to come in bursts.
HJ Hornbeck
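To make the burst behaviour of the two rules concrete, here is an added token-bucket model of the limit match (example code, not from the post above or from netfilter itself; the kernel does the same accounting with integer credits and jiffies, so exact edge timing can differ). The arrival times are constructed. Note that `-m limit` keeps one bucket per rule, shared by all sources, so it rate-limits the port rather than any particular scanning host; the per-source variant of the same idea is the `hashlimit` match.

```python
# Token-bucket model of the netfilter "limit" match. Added example, not
# from the original post. Float arithmetic approximates the kernel's
# integer credit accounting.

class LimitMatch:
    """Model of `-m limit --limit RATE/s --limit-burst BURST`."""

    def __init__(self, rate_per_sec: float, burst: int):
        self.rate = rate_per_sec        # tokens refilled per second
        self.burst = burst              # bucket capacity (--limit-burst)
        self.tokens = float(burst)      # bucket starts full
        self.last = 0.0                 # time of the last refill

    def match(self, now: float) -> bool:
        # Refill in proportion to idle time, never beyond the burst size.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True                 # rule matches -> ACCEPT
        return False                    # no match -> later rules decide


def simulate(arrivals, rate_per_sec, burst):
    """Return one bool per packet: would this rule ACCEPT it?"""
    bucket = LimitMatch(rate_per_sec, burst)
    return [bucket.match(t) for t in arrivals]


# Constructed arrival times in seconds: a burst of four at t=0, two
# spaced packets, then silence, then another burst of four.
ARRIVALS = [0.0, 0.1, 0.2, 0.3, 1.5, 2.5, 6.0, 6.1, 6.2, 6.3]

if __name__ == "__main__":
    for burst in (1, 3):
        verdicts = ["A" if ok else "-" for ok in simulate(ARRIVALS, 1.0, burst)]
        print(f"--limit 1/s --limit-burst {burst}: {' '.join(verdicts)}")
```

With burst 1 only the first packet of each burst gets through; with burst 3 the idle seconds before t=6.0 have refilled the bucket, so three of the next four are accepted.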