* Yan Seiner ([EMAIL PROTECTED]) wrote:
>
> It does not come from the same IP every time, so I can't block on IP.
> I'd like to block it with something like the PSD module. What I really
> want to tell my firewall is this: if you see so many connections to this
> port from the same IP, blackhole the IP for 30 minutes.
>
> Any ideas on how to do that?
The recent module can do this for you. More or less:
# drop once the source has already made 10 connections in the last 1800s (and refresh its entry)
iptables -A FORWARD -p tcp -d a.b.c.d --dport 25 -m recent --update --seconds 1800 --hitcount 10 -j DROP
# otherwise record the source in the list and let the packet continue
iptables -A FORWARD -p tcp -d a.b.c.d --dport 25 -m recent --set
It's part of patch-o-matic, CVS has a decent version. I've got a few
updates but I'm currently working on a reimplementation of the IP lookup
which will take a while longer for me to get right. Once that's
available and tested I'll post it to the netfilter-devel list.
Stephen
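To make the behaviour of the two-rule recent pattern concrete, here is an added simulation of how the `--update --seconds 1800 --hitcount 10` / `--set` pair decides on a stream of connection attempts. It is constructed for this thread and is not code from Stephen's post or from the netfilter project; it models the match logic (count of recorded packets newer than now minus `--seconds`, refresh on an `--update` match, source-keyed entries) rather than the kernel implementation, and the per-entry timestamp cap of 20 is an assumption. The traffic is made up: one noisy source and one ordinary sender.

```python
"""Constructed model of the iptables 'recent' match, not the kernel code.

Models this chain (source-keyed entries, the --rsource default):

    iptables -A FORWARD -p tcp -d a.b.c.d --dport 25 \
        -m recent --update --seconds 1800 --hitcount 10 -j DROP
    iptables -A FORWARD -p tcp -d a.b.c.d --dport 25 \
        -m recent --set
"""
from collections import deque

WINDOW_SECONDS = 1800   # --seconds
HITCOUNT = 10           # --hitcount
MAX_STAMPS = 20         # assumption: cap on timestamps kept per entry


class RecentList:
    """One recent list, keyed by source address."""

    def __init__(self, seconds=WINDOW_SECONDS, hitcount=HITCOUNT):
        self.seconds = seconds
        self.hitcount = hitcount
        self.entries = {}  # src -> deque of packet timestamps (seconds)

    def set(self, src, now):
        """--set: record this packet for src, creating the entry if needed."""
        self.entries.setdefault(src, deque(maxlen=MAX_STAMPS)).append(now)

    def update(self, src, now):
        """--update --seconds S --hitcount N: match if src already has at
        least N recorded packets newer than now-S. On a match the packet is
        recorded as well; that refresh is what --update adds over --rcheck."""
        stamps = self.entries.get(src)
        if not stamps:
            return False
        oldest_allowed = now - self.seconds
        hits = sum(1 for t in stamps if t >= oldest_allowed)
        if hits >= self.hitcount:
            stamps.append(now)
            return True
        return False


def filter_chain(recent, src, now):
    """Walk the two rules in order and return the verdict for one packet."""
    if recent.update(src, now):   # rule 1: -m recent --update ... -j DROP
        return "DROP"
    recent.set(src, now)          # rule 2: -m recent --set (packet goes on)
    return "ACCEPT"


def run(attempts, seconds=WINDOW_SECONDS, hitcount=HITCOUNT):
    """Return the verdict for each (timestamp, src) attempt, in order."""
    recent = RecentList(seconds, hitcount)
    return [filter_chain(recent, src, now) for now, src in attempts]


# Constructed traffic: 11 quick attempts from one source, a refresh attempt
# at t=1000, an unrelated sender, then the noisy source again at t=2500.
ATTEMPTS = [(t, "10.0.0.1") for t in range(11)] + [
    (1000, "10.0.0.1"),
    (1500, "192.0.2.7"),
    (2500, "10.0.0.1"),
]

if __name__ == "__main__":
    for (t, src), verdict in zip(ATTEMPTS, run(ATTEMPTS)):
        print(f"t={t:5d}  {src:<12} {verdict}")
```

Two things the run makes visible: `--hitcount 10` lets the first ten connections through and drops from the eleventh, since the current packet is not counted in the check; and the block is not a flat 30 minutes from the last hit but lasts only while at least ten recorded packets still fall inside the window, so the source at t=2500 is accepted again even though it was dropped at t=1000.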