Hello, I used to rate limit the number of incoming HTTP connections in Etch, using these iptables statements:

iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -m recent --set --name HTTP
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 2 --hitcount 50 --name HTTP -j LOG --log-prefix "HTTP_DoS "
iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 2 --hitcount 50 --name HTTP -j DROP
iptables -A INPUT -i eth0 -p tcp --dport 80 -j ACCEPT

The second statement gives this in Lenny:

iptables: Invalid argument

The only way to get iptables to accept this statement is to remove the hitcount. This works just fine:

# iptables -A INPUT -i eth0 -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 2 --name HTTP -j LOG --log-prefix "HTTP_DoS "

but it does not do what I need. Any idea?

Regards,
Guillaume Tamboise

