I forget where I got the idea for this but you may want to try something like this to limit the udp connections on 5060:

FILE=/etc/rc.local
echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --set">>$FILE
echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 3600 --hitcount 100 -j DROP">>$FILE
echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 600 --hitcount 20 -j DROP">>$FILE
echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 300 --hitcount 10 -j DROP">>$FILE
echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 180 --hitcount 5 -j DROP">>$FILE
echo "iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 3 -j DROP">>$FILE

To try it out you don't have to put it in the rc.local file, just execute the commands as root. Example:

/sbin/iptables -A INPUT -p udp --dport 5060 -i eth0 -m state --state NEW -m recent --set

--
Regards
--------------------------------------
Gerald Drouillard
Technology Architect
Drouillard & Associates, Inc.
http://www.Drouillard.biz
_______________________________________________
sipx-users mailing list
sipx-users@list.sipfoundry.org
List Archive: http://list.sipfoundry.org/archive/sipx-users/
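
Added example, not part of the original post: a small Python model of how the `--set` rule and the five `--rcheck` tiers above evaluate a stream of packets, so the thresholds can be tried against expected phone traffic before loading them. The source addresses and timings are constructed, and the model's simplifications are listed in the docstring.

```python
from collections import defaultdict

# (seconds, hitcount) pairs in the order the post appends its --rcheck rules.
TIERS = [(3600, 100), (600, 20), (300, 10), (180, 5), (60, 3)]


def simulate(packets, tiers=TIERS):
    """Model the rule set for packets given as (time_seconds, source_ip).

    Assumptions of this model: packets are sorted by time, every packet is
    classified as conntrack state NEW, a packet no rule drops is accepted,
    and all timestamps inside the longest window are remembered (the kernel
    module caps how many it keeps per source).
    """
    longest = max(seconds for seconds, _ in tiers)
    stamps = defaultdict(list)
    results = []
    for now, src in packets:
        # Rule 1 (--set): record the packet; no target, so evaluation goes on.
        history = [ts for ts in stamps[src] if now - ts < longest] + [now]
        stamps[src] = history
        verdict = "ACCEPT"
        # Rules 2-6 (--rcheck): first tier whose count is reached drops it.
        for seconds, hitcount in tiers:
            hits = sum(1 for ts in history if now - ts < seconds)
            if hits >= hitcount:
                verdict = "DROP %ds/%d" % (seconds, hitcount)
                break
        results.append((now, src, verdict))
    return results


def demo():
    """Constructed traffic: one phone re-registering, one fast sender."""
    phone = [(t, "192.0.2.10") for t in (0, 1800, 3600)]
    burst = [(t, "198.51.100.7") for t in (0, 1, 2, 3, 4, 5, 100, 400)]
    return simulate(sorted(phone + burst))


if __name__ == "__main__":
    for now, src, verdict in demo():
        print("%5d  %-13s %s" % (now, src, verdict))
```

Because the `--set` rule runs before the `--rcheck` rules, the packet being judged counts toward its own limit and dropped packets still refresh the list, so in this model the third NEW packet inside 60 seconds is dropped and a source that keeps retrying stays blocked until it goes quiet.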