Max conn. limit with Iptables.

crime · 04-25-2008, 09:12 AM

Hello guys.

I am getting some attacks to my linux box. I have iptables installed but I didnt use it. But now I have to use I think

I think their attacking method opens connections to my IPs. And every connection has different source ports. Like;

x.y.z.c:2810
x.y.z.c:2811
x.y.z.c:2812
..

So I have to limit IPs that opens connections more than one port. The destination port is 27015.

Here is my try to block more than 3 connecions in 3 seconds. It doesnt work. I dont know how to specify amount of ports that can be connect at that moment.

iptables -I INPUT -p tcp --dport 27015 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 27015 -m state --state NEW -m recent --update --seconds 3 --hitcount 3 -j DROP

dkm999 · 04-25-2008, 12:37 PM

According to my manpage, the --set option will always return success (which I think means that it causes the rule evaluation to stop on that chain). So try putting the --update rule first, and the --set rule second.

zerg4141 · 04-25-2008, 05:47 PM

>Here is my try to block more than 3 connecions in 3 seconds. It doesnt >work. I dont know how to specify amount of ports that can be connect at >that moment.
>
>iptables -I INPUT -p tcp --dport 27015 -m state --state NEW -m recent >--set
>iptables -I INPUT -p tcp --dport 27015 -m state --state NEW -m recent >--update --seconds 3 --hitcount 3 -j DROP

==================================================

try this:

iptables -A INPUT -m recent --name BAD_JUJU --update --seconds 3 --hitcount 3 -j DROP
iptables -A INPUT -p tcp --dport 27015 -m state --state NEW -m recent --name BAD_JUJU --set -j ACCEPT