You can also allow ping requests and limit the rate and packet size,
which gives you the niceties of being able to determine some level of
connectivity, whilst reducing scope for abuse.
You can rate limit by source IP address with the "recent" module. For
example, the following rules limit new SSH connections to 20 per minute
from the same IP address:
iptables -P INPUT DROP
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m recent --name ssh --rcheck --hitcount 20 --seconds 60 -j DROP
iptables -A INPUT -p tcp --dport ssh -m recent --name ssh --set -j ACCEPT
Thanks,
Nicholas
--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
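An added example (not part of Nicholas's post) of the ping handling the post describes in its first paragraph: echo requests are accepted only when they are small and arrive below a token-bucket rate, using the "length" and "limit" modules. The 128-byte cap and the 1/second rate with a burst of 4 are assumed values; the script prints the commands instead of applying them unless it runs as root with iptables available.

```shell
#!/bin/sh
# Added example, not code from the original post: rate- and size-limited ping.
# Assumed values: echo requests up to 128 bytes, 1 per second, burst of 4.
# Dry-run mode (prints the commands) unless running as root with iptables present.
IPT=iptables
if [ "$(id -u)" -ne 0 ] || ! command -v iptables >/dev/null 2>&1; then
    IPT="echo iptables"   # dry run: show what would be applied
fi

ping_rules() {
    # Small echo requests, token-bucket limited: --limit is the refill rate,
    # --limit-burst the bucket size. --length matches the whole IP packet in bytes.
    $IPT -A INPUT -p icmp --icmp-type echo-request \
        -m length --length 0:128 \
        -m limit --limit 1/second --limit-burst 4 -j ACCEPT
    # Any other echo request (oversized, or over the rate) is dropped explicitly
    # so it cannot fall through to a later ACCEPT rule.
    $IPT -A INPUT -p icmp --icmp-type echo-request -j DROP
    # Replies to pings sent from this host are already covered by the
    # ESTABLISHED,RELATED rule in the post's rule set.
}

ping_rules
```

Insert these rules after the ESTABLISHED,RELATED rule and before any broad ACCEPT rules, with the INPUT policy left at DROP as in the post.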