Yes, it will count the SYNs for you.

Best regards,
Serghei Gutanu

On Fri, 17 Jun 2005, Remus Anca wrote:

> Date: Fri, 17 Jun 2005 17:54:19 +0300
> From: Remus Anca <[EMAIL PROTECTED]>
> Reply-To: [email protected]
> To: Serghei Gutanu <[email protected]>
> Subject: [rlug] Re: apache: limiting connections/IP
> 
> Hello Serghei,
>
> Friday, June 17, 2005, 14:39:14, you wrote:
>
>
> SG> modprobe ipt_iplimit
> SG> iptables -m iplimit --iplimit-above <nr-conexiuni> -j REJECT --reject-with host-unreach
>
>
>
> OK. But does this refer to the number of actual connections, or to the
> number of simultaneous requests from the same IP? That is the question ...
>
>
> Can I use it as below, and will it count only the SYNs? Or what does
> this ip-limit refer to?
>
> $fw -N FLOOD
> $fw -A FLOOD -p tcp -d 0/0 --dport 53 -j ACCEPT
> $fw -A FLOOD -m iplimit --iplimit-above <nr-conexiuni> -j REJECT --reject-with host-unreach
> $fw -A FLOOD -m limit --limit 1/second -j RETURN
> $fw -A FLOOD -j DROP
>
> $fw -P INPUT DROP
> ...
> $fw -A INPUT -p tcp --syn -j FLOOD
>
>
> ---
> Details about our mailing lists: http://www.lug.ro/
>
>
>
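
The rule order in the FLOOD chain quoted above, modelled in Python as an added example (not code from the thread or from iptables) and replayed over constructed SYN packets. Assumptions: `per_ip_limit=3` stands in for `<nr-conexiuni>`, the iplimit match counts tracked connections per source address including the one being opened, a later INPUT rule accepts whatever RETURNs from the chain, and the addresses are documentation ranges.

```python
from collections import Counter


class FloodChain:
    """Rule-by-rule model of the FLOOD chain quoted in the thread."""

    def __init__(self, per_ip_limit, rate=1.0, burst=5):
        self.per_ip_limit = per_ip_limit  # stands in for <nr-conexiuni>
        self.rate = rate                  # --limit 1/second
        self.burst = burst                # iptables default --limit-burst is 5
        self.tokens = float(burst)        # one bucket shared by every source
        self.last = 0.0
        self.tracked = Counter()          # tracked connections per source IP

    def syn(self, t, src, dport):
        """Verdict for one TCP SYN from src arriving at time t (seconds)."""
        if dport == 53:                   # rule 1: ACCEPT before any limit
            return "ACCEPT"
        # rule 2 (assumption): the count includes the connection being opened
        if self.tracked[src] + 1 > self.per_ip_limit:
            return "REJECT"
        # rule 3: token bucket; a match RETURNs to INPUT
        self.tokens = min(self.burst, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= 1:
            self.tokens -= 1
            self.tracked[src] += 1        # assumes a later INPUT rule accepts
            return "RETURN"
        return "DROP"                     # rule 4: everything left over


def replay(chain, packets):
    """Run (time, source, dport) tuples through the chain, in order."""
    return [chain.syn(t, src, dport) for t, src, dport in packets]


# Constructed traffic: (time in seconds, source IP, destination port)
SAMPLE = [(0.0, "192.0.2.10", 80)] * 5 + [
    (0.0, "198.51.100.7", 80), (0.0, "198.51.100.8", 80),
    (0.0, "203.0.113.5", 80), (0.0, "203.0.113.5", 53), (1.0, "203.0.113.5", 80),
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE, replay(FloodChain(per_ip_limit=3), SAMPLE)):
        print(pkt, verdict)
```

In this model the `limit` bucket is shared by all sources, so the burst from 192.0.2.10 uses up most of the budget and the first SYN from 203.0.113.5 is dropped even though that host has no open connections.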
