On Wed, Mar 06, 2002 at 04:59:21AM -0500, Yan Seiner wrote:
> Rob Finneran wrote:
> >
> > Hello,
> >
> > Is there any way to set netfilter to block when there are a number of half-open
> > connections (with a status of SYN_RECV) in the queue with the SAME
> > source address (spoofed or otherwise) waiting for an ACK (that never
> > arrives)?
> > I'd like to reject and reset any further connection attempts, at least for a
> > period of time.
>
> See the recent module.
>
> Here's what I do:
>
> $IPTABLES -v -A INPUT -p tcp --source $OUTSIDE -m recent --hitcount 10 --update --seconds 60 -j LOGDROP

You may want to tweak the 'hitcount' as some pages do have more than 10 components to fetch...

Ramin

> to drop more than 10 connections from the same IP within 60 seconds.
> Works like a charm.
>
> --Yan
>
> --
> Future fighter pilots:
> Me: Akari, WHAT are you DOING?
> Akari, age 3: Pushing the envelope.
> 4:56am up 8 days, 22:23, 20 users
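The recent-module rate limit discussed above, modelled as an added example (not code from the original mail and not netfilter's implementation): the rules are the usual `--update`/`--set` pair with Yan's 60-second window and hitcount of 10, and the traffic is constructed so that the "page with more than 10 components" case Ramin warns about shows up alongside a SYN flooder.

```python
"""Constructed model of the iptables `recent` match from the thread, in the
usual two-rule form (example code, not netfilter's and not from the mail):

    -A INPUT -p tcp --syn -m recent --update --seconds 60 --hitcount 10 -j DROP
    -A INPUT -p tcp --syn -m recent --set
"""
from collections import defaultdict, deque


class RecentList:
    """One named `recent` list: source address -> recent packet timestamps."""
    def __init__(self, history=20):  # 20 = ipt_recent's default ip_pkt_list_tot
        self.stamps = defaultdict(lambda: deque(maxlen=history))

    def set(self, src, now):
        # --set: add the address to the list (or add another stamp to it)
        self.stamps[src].append(now)

    def update(self, src, now, seconds, hitcount):
        # --update --seconds S --hitcount N: match only if the address is
        # already listed with >= N stamps in the last S seconds; a match also
        # refreshes the "last seen" time, so a persistent source stays blocked
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= seconds)
        if hits < hitcount:
            return False
        self.stamps[src].append(now)
        return True


def filter_syns(events, seconds=60, hitcount=10):
    """Run (time, src) SYN events through both rules; return (time, src, verdict)."""
    recent = RecentList()
    verdicts = []
    for now, src in sorted(events):
        if recent.update(src, now, seconds, hitcount):
            verdicts.append((now, src, "DROP"))  # rule 1 matched: -j DROP
            continue                             # rule 2 is never reached
        recent.set(src, now)                     # rule 2 records this SYN
        verdicts.append((now, src, "ACCEPT"))    # on to the rest of the chain
    return verdicts


# Constructed traffic: a flooder that pauses and returns after 75 s, a browser
# fetching a 12-part page within a second, and a slow client under the limit.
SAMPLE_EVENTS = (
    [(t, "198.51.100.7") for t in range(12)] + [(75, "198.51.100.7")]
    + [(5 + i / 10, "203.0.113.5") for i in range(12)]
    + [(7 * i, "192.0.2.9") for i in range(9)]
)
```

Note that the browser is blocked exactly like the flooder once its eleventh connection arrives inside the window, and that an address never touched by a `--set` rule can never match `--update`.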
