Corin Langosch wrote:
> Hi all,
>
> unluckily my apache sometimes gets bombed with new connections and so doesn't work
> anymore. I think this is a DOS attack from some stupid guy out there...
>
> Just thought iptables could help me out here.
> Is it possible (and how) to only allow say 5 new connections per second for
> an ip address ?
Sure:

    # limit connections from outside to 4 per C block
    $IPTABLES -A INPUT -p tcp --source $OUTSIDE --syn -m iplimit --iplimit-mask 24 --iplimit-above 4 -j LOGDROP

== or ==

    # block floods from same IP
    $IPTABLES -A INPUT -p tcp --syn --source $OUTSIDE -m recent --hitcount 10 --update --seconds 60 -j LOGDROP

I use both. Also look at the limit module.

> Would this be enough for a normal apache user or would he get
> connection errors ?

No idea; I don't run apache.

--Yan

--
Future fighter pilots:
Me: Akari, WHAT are you DOING?
Akari, age 3: Pushing the envelope.
spam killer code kpwq1jkcsEzdx39gnkVvgycd15ayqq (see http://www.paganini.net/ask)
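An added, self-contained version of the two approaches in Yan's reply (example written for this page, not code from the thread). It assumes: `connlimit` stands in for `iplimit`, which was a patch-o-matic module that `connlimit` later replaced with the same "above N per mask" semantics; `LOGDROP` is a user-defined chain, created here as a rate-limited LOG followed by DROP; `OUTSIDE`, `PORT` and the thresholds are placeholder values. One detail the posted `recent` rule leaves out: `--update` only checks addresses already in the list, so a companion `--set` rule is needed to record each SYN source, otherwise the `--update` rule never matches. The per-IP rate is the 5 new connections per second Corin asked about.

```shell
#!/bin/sh
# Added example (not from the thread): per-source SYN limiting in front of Apache.
# Assumptions: OUTSIDE/PORT/thresholds are placeholders; LOGDROP is a user chain
# created here; connlimit stands in for the older iplimit patch.
# "preview" prints the rules instead of loading them; "apply" loads them (root).
IPTABLES="${IPTABLES:-iptables}"
OUTSIDE="${OUTSIDE:-0.0.0.0/0}"   # assumed: source range the rules apply to
PORT="${PORT:-80}"                # assumed: Apache listening port
PER_IP_SYN_PER_SEC=5              # the 5 new connections/s from the question
PER_C_BLOCK_CONNS=20              # assumed: concurrent connections allowed per /24

apply_rules() {
    # LOGDROP: log (rate-limited so the log itself cannot be flooded), then drop.
    $IPTABLES -N LOGDROP 2>/dev/null
    $IPTABLES -A LOGDROP -m limit --limit 5/min --limit-burst 10 \
        -j LOG --log-prefix "SYNLIMIT: "
    $IPTABLES -A LOGDROP -j DROP

    # 1. Concurrent-connection cap per /24: the connlimit form of the posted
    #    iplimit rule (--iplimit-mask 24 --iplimit-above N).
    $IPTABLES -A INPUT -p tcp --dport "$PORT" -s "$OUTSIDE" --syn \
        -m connlimit --connlimit-above "$PER_C_BLOCK_CONNS" --connlimit-mask 24 \
        -j LOGDROP

    # 2. New-connection rate per IP. --set records every SYN source in the
    #    SYNRATE list; --update then matches once a source has produced more
    #    than PER_IP_SYN_PER_SEC SYNs within the last second (the current SYN
    #    is already counted by --set, hence the +1).
    $IPTABLES -A INPUT -p tcp --dport "$PORT" -s "$OUTSIDE" --syn \
        -m recent --name SYNRATE --set
    $IPTABLES -A INPUT -p tcp --dport "$PORT" -s "$OUTSIDE" --syn \
        -m recent --name SYNRATE --update --seconds 1 \
        --hitcount $((PER_IP_SYN_PER_SEC + 1)) -j LOGDROP

    # 3. SYNs that survived both checks are allowed through.
    $IPTABLES -A INPUT -p tcp --dport "$PORT" -s "$OUTSIDE" --syn -j ACCEPT
}

case "${1:-}" in
    apply)   apply_rules ;;
    preview) IPTABLES=echo; apply_rules ;;
esac
```

On the follow-up question in the thread: a browser opens several parallel connections per page load, and every user behind one NAT shares a single source address, so a hard 5 SYN/s per-IP cap will produce visible connection errors for some legitimate clients, and the /24 cap is coarser still. Run with `preview`, then watch the `SYNLIMIT:` log entries for a while before tightening either threshold.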
