On Wed, 15 May 2002 20:47:33 +0200 (CEST) Maciej Soltysiak <[EMAIL PROTECTED]> wrote:

> > When I set a limit to REJECT like this:
> > -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 1/min -j REJECT --reject-with tcp-reset
> >
> > I set limit to reject packets that I send or to packets I receive?
> This rule will REJECT with TCP reset every incoming packet to the host
> that hits the 1/min limit (+burst) with both SYN and RST flags SET.
>
> The rest depends on your policy.
>
> I do not think that this is what you want.

Yes, you are right, I want to set a limit for these packets and then reject them with a limit with tcp-reset, in order to protect my bandwidth from SYN attacks and replies to those attacks. I think that I have to create 2 rules, one to limit them and the second one to reject them. Right?

Pavlos
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I love having the feeling of being in control while I have the sensation of speed
The surfer of life
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
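
Added example, not part of the original message: a small Python model of how a rule carrying `-m limit` is evaluated, showing that packets over the rate do not match the rule and pass on to the next one. The second rule (a plain DROP), the burst value of 5 (the iptables default for `--limit-burst`) and the sample arrival times are assumptions made for the illustration.

```python
# Models the token bucket behind "-m limit" for these two rules. The first is the
# rule from the thread; the second (DROP) is an assumption added for illustration:
#   -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -m limit --limit 1/min -j REJECT --reject-with tcp-reset
#   -A INPUT -p tcp -m tcp --tcp-flags SYN,RST SYN,RST -j DROP


class LimitMatch:
    """Token bucket: the match succeeds only while a whole token is available."""

    def __init__(self, per_minute, burst=5):  # 5 is the default --limit-burst
        self.interval = 60.0 / per_minute     # seconds needed to earn one token
        self.burst = burst
        self.tokens = float(burst)            # the bucket starts full
        self.last = None

    def matches(self, now):
        if self.last is not None:
            earned = (now - self.last) / self.interval
            self.tokens = min(self.burst, self.tokens + earned)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False  # over the limit: this rule is skipped for the packet


def run_chain(arrival_times, per_minute=1, burst=5):
    """Verdict for each SYN+RST packet arriving at the given times (seconds)."""
    limit = LimitMatch(per_minute, burst)
    verdicts = []
    for t in arrival_times:
        if limit.matches(t):
            verdicts.append("REJECT")  # rule 1: answered with a TCP reset
        else:
            verdicts.append("DROP")    # rule 2: discarded, no reply is sent
    return verdicts


# Constructed input: 10 packets per second for 2 seconds, then one packet a minute later.
SAMPLE = [i * 0.1 for i in range(20)] + [62.0]

if __name__ == "__main__":
    v = run_chain(SAMPLE)
    print(v.count("REJECT"), "resets sent,", v.count("DROP"), "dropped silently")
```

Without the second rule, the packets marked DROP here would continue to whatever rules follow and finally to the chain policy.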
