On 03.02.2012 13:45, Alex wrote:
> I had previously done something like this with iptables, but it was
> mostly ineffective:
>
> iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set
> iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --update --seconds 20 --hitcount 5 -j DROP
Why in the world do you DROP here instead of notifying the remote machine with REJECT that you did not accept the connection? DROP is nice for NULL portscans and such things, but it is useless for portscan triggers and for blocking any incoming connection for some seconds after that, because you let the remote machine run into a timeout, and after that your blocking on other ports has also timed out.

On the other hand, the following exists in postfix:

anvil_rate_time_unit = 1800s
smtpd_client_connection_rate_limit = 50
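To make the behaviour of the quoted recent-match rules concrete, here is a small added Python model of them (it is not from the thread and not netfilter's code); the client address and the connection timestamps are constructed, and the rule order follows from the two -I inserts quoted above.

```python
from dataclasses import dataclass, field

# Constructed timestamps (seconds) of SMTP connection attempts from one client:
# a burst of six, then a retry every 4 s while being dropped, then a long pause.
CONSTRUCTED_ATTEMPTS = [0, 1, 2, 3, 4, 5, 9, 13, 17, 21, 50]

@dataclass
class RecentTable:
    """Per-source hit timestamps, a simplified model of one xt_recent list.
    (The real module caps stamps per address via ip_pkt_list_tot; the cap
    is ignored here and does not change the verdicts below.)"""
    stamps: dict = field(default_factory=dict)

    def set_hit(self, src, now):
        # '-m recent --set': create the entry if needed and record this hit.
        self.stamps.setdefault(src, []).append(now)

    def update_check(self, src, now, seconds, hitcount):
        # '--update --seconds S --hitcount N': match when the source already
        # has at least N hits in the last S seconds. A match also records the
        # hit, so a client that keeps retrying keeps renewing its own block.
        recent = [t for t in self.stamps.get(src, []) if now - t <= seconds]
        if len(recent) >= hitcount:
            self.stamps[src].append(now)
            return True
        return False

def simulate(attempts, src="192.0.2.10", seconds=20, hitcount=5):
    """Replay attempts through the two quoted rules in chain order.
    Both were added with -I, so the second command (--update ... -j DROP)
    sits first in INPUT and is evaluated before --set. Returns "DROP" or
    "PASS" (fell through to the rest of the chain) per attempt."""
    table = RecentTable()
    verdicts = []
    for now in attempts:
        if table.update_check(src, now, seconds, hitcount):
            verdicts.append("DROP")
        else:
            table.set_hit(src, now)
            verdicts.append("PASS")
    return verdicts

if __name__ == "__main__":
    for t, v in zip(CONSTRUCTED_ATTEMPTS, simulate(CONSTRUCTED_ATTEMPTS)):
        print(f"t={t:>3}s  {v}")
```

The replay shows the fifth hit within 20 s tripping the rule and each subsequent retry extending the block, while a client that simply waits past the window is let through again.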