Mailing List Archive: iptables: User

Block an IP if there is number of connection within a time limit ??



bipindas.k at ditro

Jun 26, 2007, 10:12 PM

Post #1 of 3
Block an IP if there is number of connection within a time limit ??

Dear List,

I have an Exim mail server with IPTABLES and TCP WRAPPER as firewall.
Yesterday I noticed that there are continuous SMTP connections from an
IP. I would like to block this IP if there are more than 10 connections
in 30 seconds. Is this possible using an IPTABLES command? If yes, please
guide me.

Thanks in Advance
--


gtaylor at riverviewtech

Jun 26, 2007, 10:18 PM

Post #2 of 3
Re: Block an IP if there is number of connection within a time limit ?? [In reply to]

On 6/27/2007 12:12 AM, Ditro - BipinDas wrote:
> I have an Exim mail server with IPTABLES and TCP WRAPPER as
> firewall. Yesterday I noticed that there are continuous SMTP
> connections from an IP. I would like to block this IP if there are
> more than 10 connections in 30 seconds. Is this possible using an
> IPTABLES command? If yes, please guide me.

Use the IPTables "recent" match extension to match on newly established
SMTP sessions and reject them if there have been more than 10 in the
last 30 seconds.



Grant. . . .


debjuanca at gmail

Jun 27, 2007, 8:55 AM

Post #3 of 3
Re: Block an IP if there is number of connection within a time limit ?? [In reply to]

2007/6/27, Grant Taylor <gtaylor [at] riverviewtech>:
> On 6/27/2007 12:12 AM, Ditro - BipinDas wrote:
> > I have an Exim mail server with IPTABLES and TCP WRAPPER as
> > firewall. Yesterday I noticed that there are continuous SMTP
> > connections from an IP. I would like to block this IP if there are
> > more than 10 connections in 30 seconds. Is this possible using an
> > IPTABLES command? If yes, please guide me.
>
> Use the IPTables "recent" match extension to match on newly established
> SMTP sessions and reject them if there have been more than 10 in the
> last 30 seconds.

# --update alone never matches a source that is not yet in the list; a --set rule must record it
iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 25 -i eth0 -m state --state NEW -m recent \
--update --seconds 30 --hitcount 10 -j DROP


> Grant. . . .

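The recent-match limiter Grant describes and the rule posted above, written out as a complete, reloadable script. This is an added example, not code from the thread or from the iptables project. It assumes the thread's numbers (port 25 on eth0, 10 new connections per 30 seconds); the chain name SMTP_RATE and the list name SMTP are arbitrary choices. By default it only prints the rules it would load; run it as root with the argument "apply" to install them.

```shell
#!/bin/sh
# Added example (not from the thread): per-source rate limit on new SMTP connections
# using the xt_recent ("recent") match. Assumed: eth0, port 25, 10 hits per 30 s.
# Dry-run by default (prints the iptables commands); "apply" loads them for real.

DRY_RUN=${DRY_RUN:-1}
IFACE=${IFACE:-eth0}
LIMIT_HITS=${LIMIT_HITS:-10}    # must not exceed xt_recent's ip_pkt_list_tot (default 20)
LIMIT_SECS=${LIMIT_SECS:-30}
CHAIN=SMTP_RATE                 # arbitrary chain name
LIST=SMTP                       # arbitrary recent-list name

# Run iptables, or print the exact command when dry-running.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

smtp_ratelimit_rules() {
    # Own chain: the limiter can be flushed and reloaded without disturbing INPUT.
    ipt -N "$CHAIN" 2>/dev/null || true
    ipt -F "$CHAIN"

    # 1. Source already recorded LIMIT_HITS times within LIMIT_SECS? Drop. --update also
    #    stamps the entry on every dropped attempt, so the block lasts until the peer
    #    has been quiet for LIMIT_SECS (use --rcheck instead for a fixed window).
    ipt -A "$CHAIN" -m recent --name "$LIST" --update --seconds "$LIMIT_SECS" \
        --hitcount "$LIMIT_HITS" -j DROP

    # 2. Below the limit: record this attempt. --set has no -j, so the packet falls off
    #    the end of the chain and the remaining INPUT rules decide whether to accept it.
    #    --update alone never matches a source that is not yet in the list; this
    #    --set rule is what populates it.
    ipt -A "$CHAIN" -m recent --name "$LIST" --set

    # 3. Only new SMTP connections arriving on the outside interface visit the chain.
    #    Insert at position 1 so an earlier blanket ACCEPT cannot bypass it.
    ipt -I INPUT 1 -i "$IFACE" -p tcp --dport 25 -m state --state NEW -j "$CHAIN"
}

# The kernel exposes each recent list as a file: one line per tracked source with its
# hit timestamps. The path differs between xt_recent (2.6.28+) and the older ipt_recent.
recent_list_file() {
    for f in /proc/net/xt_recent/"$LIST" /proc/net/ipt_recent/"$LIST"; do
        if [ -e "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# Release a source that tripped the limit (e.g. a legitimate MX peer): writing "-ADDR"
# to the list file removes that entry; writing "/" would clear the whole list.
unblock_ip() {
    [ -n "$1" ] || { echo "usage: $0 unblock ADDR" >&2; return 1; }
    file=$(recent_list_file) || { echo "recent list $LIST is not loaded" >&2; return 1; }
    echo "-$1" > "$file"
}

case "${1:-}" in
    apply)   DRY_RUN=0; smtp_ratelimit_rules ;;      # as root: load the rules for real
    show)    f=$(recent_list_file) && cat "$f" ;;     # list tracked sources
    unblock) unblock_ip "$2" ;;
    *)       smtp_ratelimit_rules ;;                 # default: print what would be loaded
esac
```

With the DROP rule above the --set rule, a source's first ten new connections inside a 30-second window are recorded and passed on; the eleventh is the first one dropped, which matches the "more than 10" wording of the question. Two caveats before deploying this on a real MX: the count is keyed on source address and taken on the SYN, before the handshake completes, so a flood of SYNs with a forged source can get a legitimate sender's address blocked; put ACCEPT rules for trusted relays and secondary MX hosts ahead of the jump into the chain. Raising --hitcount above 20 requires loading xt_recent with a larger ip_pkt_list_tot, otherwise the rule is refused.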