On Monday 16 June 2003 09.49, Ralf Hildebrandt wrote:
> So I thought iptables --limit could do the trick.
> Before I reinvent the wheel, I'd like to ask if someone already has
> such a "connection rate limiter per IP" in place (and how it
> looks).
iptables -m limit should handle such a case nicely, but you will need one
rule per client IP address... Something like the following should work I
think:

    -N SYN
    -A SYN -s ip.of.first.client -m limit --limit ... -j ACCEPT
    -A SYN -s ip.of.second.client -m limit --limit ... -j ACCEPT
    ....
    -A SYN -m limit ... -j LOG --log-prefix "SYNRATE "
    -A SYN -j DROP
    -A INPUT -p tcp --syn -j SYN

Regards
Henrik
--
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org

If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, [EMAIL PROTECTED]
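The following is an added example, not code from the original thread or from Henrik: a small POSIX sh script that generates the per-client SYN chain in the shape described above (one `-m limit` rule per client address, a rate-limited LOG for the overflow, then DROP), plus, going beyond the post, the single-rule equivalent using the `hashlimit` match, which keys its buckets on the source address and so needs no client list. The chain name, port, rates and client addresses are constructed sample values; `IPT` defaults to `echo iptables` so the rules can be reviewed without root, and setting `IPT=iptables` applies them.

```shell
#!/bin/sh
# Added example (not from the original post). Generates a per-client SYN
# rate-limit chain: one "-m limit" rule per listed client, a rate-limited
# LOG for the excess, then DROP. Chain name, port, rates and client
# addresses are assumptions chosen for illustration.
#
# IPT defaults to "echo iptables" so the script only prints the rules;
# run with IPT=iptables (as root) to install them.
IPT="${IPT:-echo iptables}"

# build_syn_chain CHAIN PORT RATE BURST IP...
# Accepts up to RATE new connections (bucket size BURST) from each listed
# client. Anything over the rate, and any client not listed, reaches the
# LOG/DROP tail, as in the posted rules; only SYN packets enter the chain.
build_syn_chain() {
    chain="$1"; port="$2"; rate="$3"; burst="$4"
    shift 4

    $IPT -N "$chain"
    for ip in "$@"; do
        # -m limit keeps a single token bucket per rule and is not keyed
        # on the source address, which is why each client needs its own rule.
        $IPT -A "$chain" -s "$ip" -m limit --limit "$rate" --limit-burst "$burst" -j ACCEPT
    done
    # Bound the logging rate too, so a flood cannot also fill the log.
    $IPT -A "$chain" -m limit --limit 1/minute -j LOG --log-prefix "SYNRATE "
    $IPT -A "$chain" -j DROP
    # --syn matches SYN set with ACK, RST and FIN clear: new connections only.
    $IPT -A INPUT -p tcp --dport "$port" --syn -j "$chain"
}

# build_hashlimit_chain CHAIN PORT RATE BURST
# Same policy with the hashlimit match (newer iptables): one bucket per
# source address maintained by the kernel, so no client list is needed
# and previously unseen clients are limited rather than dropped outright.
build_hashlimit_chain() {
    chain="$1"; port="$2"; rate="$3"; burst="$4"

    $IPT -N "$chain"
    $IPT -A "$chain" -m hashlimit --hashlimit-name synrate \
        --hashlimit-mode srcip --hashlimit-upto "$rate" \
        --hashlimit-burst "$burst" -j ACCEPT
    $IPT -A "$chain" -m limit --limit 1/minute -j LOG --log-prefix "SYNRATE "
    $IPT -A "$chain" -j DROP
    $IPT -A INPUT -p tcp --dport "$port" --syn -j "$chain"
}

# Constructed sample: two clients, Squid's default port, 10 new
# connections per second with a burst of 20 per client.
build_syn_chain SYN 3128 10/second 20 192.0.2.10 192.0.2.11
```

Run as written it prints the rule set for review; `IPT=iptables sh script.sh` installs it. The per-client variant is what the post describes and is all that was available with plain `-m limit`; the hashlimit variant is the usual choice today because it does not require knowing the client addresses in advance.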
