I used to rate limit the number of incoming HTTP connections in Etch,
using these iptables statements:
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -m recent --set --name HTTP
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 2 --hitcount 50 --name HTTP -j LOG --log-prefix "HTTP_DoS "
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 2 --hitcount 50 --name HTTP -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT
The second statement gives this in Lenny:
iptables: Invalid argument
The only way to get iptables to accept this statement is to remove the
hitcount. This works just fine:
# iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 2 --name HTTP -j LOG --log-prefix "HTTP_DoS "
but it does not do what I need.
Any idea?
Regards,
Guillaume Tamboise
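Added example (not from the poster, not kernel code): a small Python model of what the recent match does with the rule chain above, so the effect of --set, --update --seconds/--hitcount and the per-address history can be checked on constructed traffic. It assumes the xt_recent behaviour that each address keeps a ring of at most ip_pkt_list_tot timestamps (module parameter, default 20) and that the match refuses a hitcount larger than that ring, which is one cause of "Invalid argument"; the addresses and timings are constructed.

```python
"""Model of the xt_recent rule chain (added example, assumptions noted)."""
from collections import deque

IP_PKT_LIST_TOT = 20  # assumed default of the xt_recent module parameter


def rule_accepted(hitcount, pkt_list_tot=IP_PKT_LIST_TOT):
    """Assumed module check: a hitcount above the ring size is rejected."""
    return hitcount <= pkt_list_tot


class RecentTable:
    def __init__(self, pkt_list_tot=IP_PKT_LIST_TOT):
        self.pkt_list_tot = pkt_list_tot
        self.stamps = {}  # source address -> ring buffer of timestamps

    def set(self, src, now):
        """'-m recent --set': add the address and record this packet."""
        ring = self.stamps.setdefault(src, deque(maxlen=self.pkt_list_tot))
        ring.append(now)

    def update(self, src, now, seconds, hitcount):
        """'--update --seconds S --hitcount H': match when at least H
        recorded packets fall inside the last S seconds; a match refreshes
        the entry with the current timestamp (assumed kernel behaviour)."""
        if not rule_accepted(hitcount, self.pkt_list_tot):
            raise ValueError("Invalid argument: hitcount exceeds ip_pkt_list_tot")
        ring = self.stamps.get(src)
        if ring is None:
            return False
        hits = sum(1 for t in ring if now - t <= seconds)
        if hits >= hitcount:
            ring.append(now)
            return True
        return False


def filter_http_syns(syns, seconds=2, hitcount=20, pkt_list_tot=IP_PKT_LIST_TOT):
    """Run (timestamp, src) NEW-connection events through the chain and
    return [(src, verdict), ...]; rules 2 and 3 match together, so one
    update call decides between LOG+DROP and the final ACCEPT."""
    table, verdicts = RecentTable(pkt_list_tot), []
    for now, src in syns:
        table.set(src, now)  # rule 1 records every new connection
        dropped = table.update(src, now, seconds, hitcount)  # rules 2 and 3
        verdicts.append((src, "DROP" if dropped else "ACCEPT"))  # rule 4
    return verdicts


# Constructed sample: 25 SYNs in 1.2 s from one client, two from a slow one.
SAMPLE_SYNS = sorted([(i / 20, "10.0.0.1") for i in range(25)]
                     + [(0.5, "10.0.0.2"), (1.0, "10.0.0.2")])
```

With the default ring of 20 the 50-hit rule cannot be expressed, so the choices are a hitcount of at most 20 or a larger ip_pkt_list_tot set when the module is loaded.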