My server gets hit like continuously and LDAP just cannot handle it. uses 95% of CPU, EVEN though its not an active server. Its the backup one. so obviously someone is targeting the IP.

How do i set up an IP rule or Rules to achieve the following:

a) if a particular IP sends more than X requests a minute that are to unknown users in the lookup table, then block them out.

b) Get a LOT of smtp requests. If get more than X requests a minute then block them out too.

Any ideas how to go about this? And how do i first ensure that I will not firewall myself out. I have been warned to take care of this, but with no luck.

thanks!!

just use the limit match.

first set a rule to allow all your trused IP's
then a limit match for the rest of the world on the ports you mentioned.
then a drop to kill all conections to the ports that didnt get through the limit match.

just make sure there is a rule to allow you to login (ssh ?) to the machine from the ip address / range that you login from.

i cant write the firewall for you, i dont know enough about the network environment, but you can get all the help you need from the nam page "man iptables"