So this is what I use in pf:
table <oloadtbl> persist
# the overload table in the rule must be the same table the cron job expires (was <oload>)
pass in log on $if proto tcp from any to $ip1 port ssh keep state \
    (max 30 max-src-conn 29 max-src-conn-rate 30/60 source-track overload <oloadtbl> flush global)
And cron does:
# system crontab: five time fields, then the user, then the command (the post had only four)
* * * * * root /sbin/pfctl -t oloadtbl -T expire 600 > /dev/null 2>&1
So the question is how do I accomplish the same with iptables? I can't seem to figure that out.
I found some solutions on the interwebz, but to be honest, I don't quite understand them, and I'm not going to copy/paste stuff I don't understand from sites I've never heard of.
For example, from http://www.cyberciti.biz/tips/howto-limit-linux-syn-attacks.html
# records the source address in the default "recent" list for every matching packet (NEW and ESTABLISHED), then accepts
iptables -I INPUT -p tcp -s 0/0 -d $SERVER_IP --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -m recent --set -j ACCEPT
# inserted above the previous rule: drops a NEW connection when the source has 11 or more entries in the last 600 seconds
iptables -I INPUT -p tcp --dport 22 -m state --state NEW -m recent --update --seconds 600 --hitcount 11 -j DROP
# this line was cut off in the post; the standard completion of the rule is --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp -s $SERVER_IP -d 0/0 --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT
Why is the source port defined? Is that necessary?
Why do they explicitly give the states? And why NEW and ESTABLISHED and not just one?
Is this *really* the easiest and most straightforward way to accomplish this?
... Maybe someone with more experience can explain this to me ... :o
I spent pretty much all day configuring our new CentOS VPS at work ... We needed to get that up and running today and the only guy who knows CentOS/Linux had a day off today :-/
There were quite a few surprises along the way, and my head is itchy from being scratched so much ...
What does this forum use for code again? You should really make a help page or something because I keep forgetting :-/
nny
Matt Joyce
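As an added example (editor's code, not from the post above and not the cyberciti rules), here is an iptables translation of the pf rule using the xt_recent module: one list counts NEW connections per source, a second list holds the sources that exceeded 30 in 60 seconds, and entries in that second list are honoured for 600 seconds, which is what the cron `pfctl -T expire 600` does for pf. The interface name, the server address and the two list names are placeholders assumed here; they do not come from the post. IPT defaults to `echo iptables`, so running the script prints the rules instead of applying them; run it as root with `IPT=iptables` to apply them.

```shell
#!/bin/sh
# Added example: iptables equivalent of the pf overload rule. Not the poster's
# code and not the cyberciti rules. IFACE, SERVER_IP and the list names are
# assumed placeholders. With the default IPT the rules are only printed.
set -eu

IFACE="${IFACE:-eth0}"
SERVER_IP="${SERVER_IP:-203.0.113.10}"   # RFC 5737 documentation address, placeholder
HITCOUNT=31                              # 31st NEW connection in 60 s = "more than 30/60"
IPT="${IPT:-echo iptables}"

# pf                          iptables / xt_recent
# max-src-conn-rate 30/60  -> --rcheck --seconds 60 --hitcount 31 on list ssh_conn
# overload <oloadtbl>      -> --set on list ssh_block
# cron: -T expire 600      -> --rcheck --seconds 600 on list ssh_block
# flush global             -> no direct equivalent; the offender's already
#                             established sessions keep running

# xt_recent keeps at most ip_pkt_list_tot timestamps per address (default 20),
# and --hitcount can never exceed it. The parameter is read-only once loaded,
# so set it before the module loads, e.g. in /etc/modprobe.d/xt_recent.conf:
#     options xt_recent ip_pkt_list_tot=31
# Returns 1 if a loaded xt_recent is too small for HITCOUNT, 0 otherwise
# (including when the module is not loaded yet).
check_hitcount_fits() {
    p=/sys/module/xt_recent/parameters/ip_pkt_list_tot
    [ -r "$p" ] || return 0
    [ "$(cat "$p")" -ge "$HITCOUNT" ]
}

ssh_rate_limit_rules() {
    # 0. Return traffic of accepted connections. This is what makes the
    #    --sport 513:65535 and ESTABLISHED parts of the copied rules unnecessary.
    $IPT -A INPUT -i "$IFACE" -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # 1. A source already in ssh_block is dropped for 600 s after it was added.
    #    --rcheck does not refresh the timestamp, so the ban expires on its own
    #    like the cron job; --update would extend it on every retry instead.
    $IPT -A INPUT -i "$IFACE" -p tcp -d "$SERVER_IP" --dport 22 \
        -m conntrack --ctstate NEW \
        -m recent --name ssh_block --rcheck --seconds 600 -j DROP

    # 2. Record every NEW connection attempt per source in ssh_conn. Only NEW
    #    is counted so hitcount measures connections, not packets.
    $IPT -A INPUT -i "$IFACE" -p tcp -d "$SERVER_IP" --dport 22 \
        -m conntrack --ctstate NEW \
        -m recent --name ssh_conn --set

    # 3. Rule 2 already counted this packet, so HITCOUNT entries within 60 s
    #    means this is the 31st attempt: put the source in ssh_block and drop.
    #    Matches run in order, so the --set only happens when the rate check hit.
    $IPT -A INPUT -i "$IFACE" -p tcp -d "$SERVER_IP" --dport 22 \
        -m conntrack --ctstate NEW \
        -m recent --name ssh_conn --rcheck --seconds 60 --hitcount "$HITCOUNT" \
        -m recent --name ssh_block --set -j DROP

    # 4. Anything that passed the checks is accepted (pf: "pass ... keep state").
    $IPT -A INPUT -i "$IFACE" -p tcp -d "$SERVER_IP" --dport 22 \
        -m conntrack --ctstate NEW -j ACCEPT
}

check_hitcount_fits || echo "warning: xt_recent ip_pkt_list_tot is below $HITCOUNT" >&2
ssh_rate_limit_rules
```

On the questions in the post: the source-port range in the copied rules is not needed, and putting NEW,ESTABLISHED in the same rule as `-m recent --set` means every packet of an established session also adds a timestamp, so its `--hitcount 11` fires on packet counts rather than connection counts. Counting only NEW, with a separate ESTABLISHED,RELATED accept, avoids that. `-m state --state NEW` is the older spelling of `-m conntrack --ctstate NEW` and works the same on CentOS. To inspect or clear the lists at runtime, read or write `/proc/net/xt_recent/ssh_block` (for example `echo / > /proc/net/xt_recent/ssh_block` empties it).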