Welcome to LQ Security!
Rate limiting with iptables is usually done in a two step process. As a (working) example, here are the two rules I use to restrict attempts to connect to the SSH port:
Code:
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name DEFAULT --rsource -j DROP
-A INPUT -i eth1 -p tcp -m tcp --dport 22 -m state --state NEW -m recent --set --name DEFAULT --rsource
Note that it is the first rule that does the actual dropping, while the second rule performs the set that triggers the rule chain. I am also using names for the chains, in my case DEFAULT.
Modifying these two rules for your example gives:
Code:
-A INPUT -i eth0 -p tcp -m tcp -d 192.168.19.129 -m state --state NEW -m recent --update --seconds 90 --hitcount 5 --name DEFAULT --rsource -j DROP
-A INPUT -i eth1 -p tcp -m tcp -d 192.168.19.129 -m state --state NEW -m recent --set --name DEFAULT --rsource
Here is a good introductory link that explains the mechanics of rate limiting with iptables:
http://blog.bodhizazen.net/linux/pre...with-iptables/
In answer to your other questions:
1) With these rules, the connections will be allowed to pass through, up to a point. You will need to adjust the rules according to your connections. With these rules, a particular host will be allowed to make 5 connections in 90 seconds, beyond which they will be blocked. If this server, 192.168.19.129 hosts other applications, such as web pages, these rules may impact the operation and in this case you may want to add a field for the port you wish to block.
2)Drop or Reject both work. Drop will be silent, whereas reject will respond with an ICMP message.
3) Any filtering operation will consume CPU cycles. If you implement this filter in the server itself, there will be some load, though it will be very little compared to processing the requests. If you are really concerned you should implement this filter upstream of the server, though I doubt that this will be required. No other "hardware" is required.