taken from: http://www.cs.princeton.edu/~jns/security/iptables/
## SYN-FLOODING PROTECTION
# This rule maximises the rate of incoming connections. In order to do this we divert tcp
# packets with the SYN bit set off to a user-defined chain. Up to limit-burst connections
# can arrive in 1/limit seconds ..... in this case 4 connections in one second. After this, one
# of the burst is regained every second and connections are allowed again. The default limit
# is 3/hour. The default limit burst is 5.
#
iptables -N syn-flood
iptables -A INPUT -i $IFACE -p tcp --syn -j syn-flood
iptables -A syn-flood -m limit --limit 1/s --limit-burst 80 -j RETURN
iptables -A syn-flood -j LOG --log-prefix "syn-flood-protection: "
iptables -A syn-flood -j DROP

Regards
Jay

-----Original Message-----
From: Ralf Hildebrandt [mailto:[EMAIL PROTECTED]]
Sent: Monday, 16 June 2003 4:45 PM
To: [EMAIL PROTECTED]
Subject: Re: [squid-users] iptables to limit connections

* Henrik Nordstrom <[EMAIL PROTECTED]>:

> > So I thought iptables --limit could do the trick.
> > Before I reinvent the wheel, I'd like to ask if someone already has
> > such a "connection rate limiter per IP" in place (and how it
> > looks).
>
> iptables -m limit should handle such case nicely, but you will need
> one rule per client IP address... Something like the following should
> work I think:
>
> -N SYN
> -A SYN -s ip.of.first.client -m limit --limit ... -j ACCEPT
> -A SYN -s ip.of.second.client -m limit --limit ... -j ACCEPT
> ....
> -A SYN -m limit ... -j LOG --log-prefix "SYNRATE "
> -A SYN -j DROP
> -A INPUT -p tcp --syn -j SYN

Yes, but this requires identifying the evil client.

--
Ralf Hildebrandt (on behalf of Referat V a)        [EMAIL PROTECTED]
Charite Campus Mitte                               Tel.  +49 (0)30-450 570-155
Referat V a - Communication Networks -             Fax.  +49 (0)30-450 570-916
AIM: ralfpostfix
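The following is an added illustration, not part of the thread or of the Princeton script it quotes. It models the `-m limit --limit R --limit-burst B` match as a token bucket (a simplification of the kernel's xt_limit credit scheme, and an assumption about its behaviour rather than its code), then runs a constructed SYN stream through the syn-flood chain in the two shapes discussed above: Jay's single shared chain, and Henrik's one-rule-per-client-address variant. The rate-string parser follows the iptables convention that the unit may be abbreviated (`1/s`, `3/hour`) and defaults to per-second when omitted; host addresses and traffic pattern are constructed.

```python
"""Token-bucket model of iptables '-m limit', applied to a SYN-flood chain.

Simplified model for illustration: real xt_limit uses a credit counter in
kernel ticks, but the observable behaviour (a burst of B matches, then one
match per 1/R seconds) is the same as the bucket modelled here.
"""
from dataclasses import dataclass, field

_UNITS = (("second", 1), ("minute", 60), ("hour", 3600), ("day", 86400))


def parse_rate(spec: str) -> float:
    """Convert an iptables --limit spec ('1/s', '3/hour', '10/minute') to events per second.

    The unit may be any prefix of second/minute/hour/day; no unit means per second.
    """
    count, _, unit = spec.partition("/")
    if not unit:
        return float(count)
    for name, seconds in _UNITS:
        if name.startswith(unit.lower()):
            return float(count) / seconds
    raise ValueError(f"unknown rate unit in {spec!r}")


@dataclass
class LimitMatch:
    """One '-m limit' rule: a bucket of `burst` tokens refilled at `rate` per second."""
    rate: float            # tokens regained per second (from --limit)
    burst: int             # bucket capacity (from --limit-burst)
    tokens: float = field(init=False, default=0.0)
    last: float = field(init=False, default=0.0)

    def __post_init__(self) -> None:
        self.tokens = float(self.burst)   # a fresh rule starts with a full burst

    def match(self, now: float) -> bool:
        """True if a packet arriving at time `now` (seconds) matches the rule."""
        # Refill proportionally to elapsed time, never beyond the burst size.
        self.tokens = min(float(self.burst), self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(arrivals, limit: str = "1/s", burst: int = 80, per_source: bool = False):
    """Run SYN arrivals [(time_seconds, src_ip), ...] through the syn-flood chain.

    A matching packet RETURNs (is accepted); a non-matching one is LOGged and DROPped.
    per_source=False models the single shared chain from the quoted script;
    per_source=True models one limit rule per client address, as Henrik suggests.
    Returns {src_ip: (accepted, dropped)}.
    """
    rate = parse_rate(limit)
    shared = LimitMatch(rate, burst)
    buckets: dict[str, LimitMatch] = {}
    stats: dict[str, tuple[int, int]] = {}
    for t, src in sorted(arrivals):          # time order keeps refill arithmetic monotonic
        if per_source:
            if src not in buckets:
                buckets[src] = LimitMatch(rate, burst)
            bucket = buckets[src]
        else:
            bucket = shared
        ok = bucket.match(t)
        acc, drop = stats.get(src, (0, 0))
        stats[src] = (acc + int(ok), drop + int(not ok))
    return stats


# Constructed scenario using documentation addresses (RFC 5737), not real hosts.
FLOODER, CLIENT = "203.0.113.7", "192.0.2.10"


def flood_scenario():
    """One host sends 100 SYN/s for 10 s while a legitimate client sends 1 SYN/s."""
    flood = [(i / 100, FLOODER) for i in range(1000)]
    legit = [(i + 0.5, CLIENT) for i in range(10)]
    return flood + legit


if __name__ == "__main__":
    for label, per_src in (("shared chain", False), ("per-source rules", True)):
        print(label, simulate(flood_scenario(), per_source=per_src))
```

With the shared chain the flooder drains the one bucket, so the legitimate client's SYNs are dropped alongside the flood; with per-source rules the client keeps its own 80-token bucket and is unaffected, which is the trade-off Ralf raises: the per-source form needs a rule for each address you want to protect or contain.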