Rob Finneran wrote:
>
> Hello,
>
> Is there any way to set netfilter to block when there are a number of
> half-open connections (with a status of SYN_RECV) in the queue with the SAME
> source address (spoofed or otherwise) waiting for an ACK (that never
> arrives)?
> I'd like to reject and reset any further connection attempts, at least for a
> period of time.
See the recent module. Here's what I do:

    $IPTABLES -v -A INPUT -p tcp --source $OUTSIDE -m recent --hitcount 10 --update --seconds 60 -j LOGDROP

to drop more than 10 connections from the same IP within 60 seconds. Works like a charm.

--Yan

-- 
Future fighter pilots:
Me: Akari, WHAT are you DOING?
Akari, age 3: Pushing the envelope.
  4:56am  up 8 days, 22:23, 20 users
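Added example, not code from the thread: a small user-space model of how the iptables `recent` match behaves for the rule Yan posted, run over a constructed SYN timeline so you can see exactly which packets get dropped and when the block lifts. Two points a practitioner should check in their own ruleset are built into the model. First, `--update` (like `--rcheck`) only ever matches an address that is already on the list, and only a `--set` rule (or a previous `--update` match) puts it there; the quoted one-liner shows no `--set`, so the model pairs the update rule with a following `-m recent --set`. Second, `-p tcp` alone counts every TCP packet from the source, including those on established connections, so the model feeds only SYN packets to the rules (the equivalent of adding `--syn`). The list name, addresses and timings are invented for the example; the per-address stamp limit of 20 is the module's default `ip_pkt_list_tot`.

```python
"""Model of the xt_recent "--update --seconds 60 --hitcount 10" / "--set" rule
pair, run over constructed SYN traffic. Added example, not code from the
thread. Assumes the module default of 20 stored timestamps per address and
that only SYN packets reach the rules (as with a --syn match)."""
from collections import deque


class RecentList:
    """One xt_recent list: a per-source ring buffer of packet timestamps."""

    def __init__(self, max_stamps=20):
        self.max_stamps = max_stamps          # ip_pkt_list_tot default
        self.entries = {}

    def set(self, src, now):
        """-m recent --set: record a timestamp for src, creating the entry."""
        self.entries.setdefault(src, deque(maxlen=self.max_stamps)).append(now)

    def update(self, src, now, seconds, hitcount):
        """-m recent --update --seconds S --hitcount N.

        Matches only if src is already listed and at least N of its stored
        timestamps fall inside the last S seconds. On a match the current
        packet's timestamp is stored as well, which is what keeps a
        persistent flooder blocked for as long as it keeps sending."""
        stamps = self.entries.get(src)
        if stamps is None:
            return False                      # never --set: cannot match
        hits = sum(1 for t in stamps if now - t <= seconds)
        if hits < hitcount:
            return False
        stamps.append(now)                    # --update refreshes the entry
        return True


def run_chain(packets, seconds=60, hitcount=10):
    """Apply the chain to (time, src, is_syn) packets and return verdicts.

    Rule order modelled (hypothetical ruleset, not the poster's):
      -A INPUT -p tcp --syn -m recent --update --seconds 60 --hitcount 10 -j DROP
      -A INPUT -p tcp --syn -m recent --set
    so the (hitcount+1)-th SYN inside the window is the first one dropped."""
    rl = RecentList()
    verdicts = []
    for now, src, is_syn in packets:
        if is_syn and rl.update(src, now, seconds, hitcount):
            verdicts.append((now, src, "DROP"))
            continue                          # DROP terminates the chain
        if is_syn:
            rl.set(src, now)                  # non-SYN packets are not counted
        verdicts.append((now, src, "ACCEPT"))
    return verdicts


def scenario():
    """Constructed traffic (invented addresses): a flooder sending one SYN
    every 2 s for 80 s and one more after a quiet spell, a normal client
    sending three SYNs, and one non-SYN packet from the flooder."""
    pkts = [(t, "10.0.0.66", True) for t in range(0, 80, 2)]
    pkts.append((200.0, "10.0.0.66", True))
    pkts += [(5.0, "192.0.2.10", True), (30.0, "192.0.2.10", True),
             (55.0, "192.0.2.10", True)]
    pkts.append((10.5, "10.0.0.66", False))
    return sorted(pkts)


def verdicts_for(src, verdicts):
    """Verdict sequence for one source address, in time order."""
    return [v for (_, s, v) in verdicts if s == src]


if __name__ == "__main__":
    for now, src, verdict in run_chain(scenario()):
        print(f"t={now:6.1f}  {src:12}  {verdict}")
```

Running it shows the flooder's first ten SYNs accepted, the eleventh (at t=20) and every one after it dropped while the stream continues, and the SYN at t=200 accepted again because more than 60 seconds have passed since the last stored timestamp; the normal client is never touched, and the flooder's non-SYN packet neither counts toward the hit count nor is dropped.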
