Re: [squid-users] iptables to limit connections

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 16 Jun 2003 10:45:13 +0200

On Monday 16 June 2003 09.49, Ralf Hildebrandt wrote:

> So I thought iptables --limit could do the trick.
> Before I reinvent the wheel, I'd like to ask if someone already has
> such a "connection rate limiter per IP" in place (and how it
> looks).

iptables -m limit should handle such case nicely, but you will need
one rule per client IP address... Something like the following should
work I think:

-N SYN
-A SYN -s ip.of.first.client -m limit --limit ... -j ACCEPT
-A SYN -s ip.of.second.client -m limit --limit ... -j ACCEPT
....
-A SYN -m limit ... -j LOG --log-prefix "SYNRATE "
-A SYN -j DROP
-A INPUT -p tcp --syn -j SYN

Regards
Henrik

-- 
Donations welcome if you consider my Free Squid support helpful.
https://www.paypal.com/xclick/business=hno%40squid-cache.org
If you need commercial Squid support or cost effective Squid or
firewall appliances please refer to MARA Systems AB, Sweden
http://www.marasystems.com/, info@marasystems.com
Received on Mon Jun 16 2003 - 02:43:54 MDT
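Added example (not code from the list post, from Henrik or from the Squid project): a POSIX sh helper that writes the chain sketched above as an iptables-restore fragment, one `-m limit` ACCEPT rule per client address, followed by the rate-limited LOG and the DROP. The function names `gen_synrate_rules` and `is_ipv4`, the rate/burst values and the client addresses are assumptions for illustration; the address check is there so that a stray value in the client list cannot end up as an unintended rule.

```shell
#!/bin/sh
# Generates an iptables-restore fragment for the per-client SYN rate limit.
# Hypothetical helper written for this example; not part of the original post.
#
# Usage: gen_synrate_rules RATE BURST IP [IP ...]
#   RATE   token refill rate in "-m limit --limit" syntax, e.g. 20/second
#   BURST  bucket size for "--limit-burst", e.g. 40
# Load the result with:  gen_synrate_rules 20/second 40 192.0.2.10 | iptables-restore -n

# Crude dotted-quad check: four decimal groups, each 0-255, nothing else.
is_ipv4() {
    case $1 in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    oldifs=$IFS
    IFS=.
    set -- $1
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

gen_synrate_rules() {
    rate=$1
    burst=$2
    shift 2
    printf '%s\n' '*filter'
    printf '%s\n' ':SYN - [0:0]'          # same as "-N SYN" in the post
    # One ACCEPT rule per known client; each rule carries its own token bucket,
    # so one client exhausting its bucket does not affect the others.
    for ip in "$@"; do
        if ! is_ipv4 "$ip"; then
            printf 'skipping invalid client address: %s\n' "$ip" >&2
            continue
        fi
        printf '%s\n' "-A SYN -s $ip -m limit --limit $rate --limit-burst $burst -j ACCEPT"
    done
    # Anything that did not match above (unknown source, or a client over its
    # rate) is logged, with the LOG rule itself limited so it cannot flood syslog.
    printf '%s\n' '-A SYN -m limit --limit 5/minute -j LOG --log-prefix "SYNRATE "'
    printf '%s\n' '-A SYN -j DROP'
    # Every new TCP connection attempt (SYN only) is sent through the chain.
    printf '%s\n' '-A INPUT -p tcp --syn -j SYN'
    printf '%s\n' 'COMMIT'
}
```

Two things to keep in mind when using this shape of ruleset: as in the post, any source address without its own ACCEPT rule falls through to LOG and DROP, so the client list has to be complete; and the rule count grows linearly with the number of clients. Later netfilter versions offer `-m hashlimit --hashlimit-mode srcip`, which keeps one bucket per source address behind a single rule, but that module is not what the post describes.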

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:17:22 MST