elstar.com.au

Elstar Computing Discussion Forum
http://rotary.elstar.com.au/elstar_bb/

Using iptables to rate-limit incoming connections

http://rotary.elstar.com.au/elstar_bb/viewtopic.php?f=2&t=247

Page 1 of 1

Using iptables to rate-limit incoming connections

PostPosted: Tue Mar 24, 2009 6:35 am
by stephen
Using iptables to rate-limit incoming connections

See this article for a discussion on iptables and rate limiting incoming connections.

http://www.debian-administration.org/articles/187

An example is probably the simplest way to illustrate how it works. The following two rules will limit incoming connections to port 22 to no more than 3 attemps in a minute - an more than that will be dropped:


Code: Select all
iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --set

iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
  --update --seconds 60 --hitcount 4 -j DROP
All times are UTC + 10 hours
Page 1 of 1
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
http://www.phpbb.com/