From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mark Moseley
Subject: Re: use of the limiting options
Date: Wed, 26 Jan 2005 10:43:55 -0800
Message-ID: <294d5daa05012610435e4160b@mail.gmail.com>
References: <294d5daa0501251137328fa4ff@mail.gmail.com> <294d5daa05012511513465fcc1@mail.gmail.com> <294d5daa0501251217b1935c4@mail.gmail.com>
Reply-To: Mark Moseley
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: netfilter-bounces@lists.netfilter.org
Errors-To: netfilter-bounces@lists.netfilter.org
Content-Type: text/plain; charset="us-ascii"
To: netfilter@lists.netfilter.org

I'm guessing maybe you don't have a rule above that accepts established connections? e.g.

iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state ESTABLISHED -j ACCEPT

If you don't have that, your established connection will soon deplete the 6/hr packets as well. Though, as Jason mentioned, you probably want to poke a hole or two through for select known-good IPs.
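The rule ordering the reply is pointing at, written out as an added example (not from the poster or the thread): the weak order puts the 6/hour limit first so packets of an already accepted SSH session drain the budget, while the corrected order accepts ESTABLISHED first, then a known-good address, and only then applies the limit to NEW connections. The 192.0.2.10 address is a constructed placeholder for a trusted host; set IPT=echo to print the rules instead of applying them.

```shell
#!/bin/sh
# Added example: ordering an SSH rate-limit ruleset so that the ESTABLISHED
# accept sits above the limited rule. IPT=echo gives a dry run; the
# interface and the trusted address are assumptions, not values from the thread.
IFACE="${IFACE:-eth0}"
TRUSTED="${TRUSTED:-192.0.2.10}"   # constructed placeholder for a known-good IP

ipt() {
    "${IPT:-iptables}" "$@"
}

# Weak ordering: the limited rule is evaluated first, so every packet of an
# already established session also spends a token from the 6/hour budget,
# and the session stalls once the budget is gone.
weak_ssh_rules() {
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 \
        -m limit --limit 6/hour --limit-burst 6 -j ACCEPT
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 \
        -m state --state ESTABLISHED -j ACCEPT
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 -j DROP
}

# Corrected ordering: established traffic never reaches the limit rule, a
# trusted address gets a hole poked through, and only NEW connections from
# everyone else are counted against the 6/hour budget.
good_ssh_rules() {
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 \
        -m state --state ESTABLISHED -j ACCEPT
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 -s "$TRUSTED" -j ACCEPT
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 -m state --state NEW \
        -m limit --limit 6/hour --limit-burst 6 -j ACCEPT
    ipt -A INPUT -i "$IFACE" -p tcp --dport 22 -j DROP
}

# `sh ssh-limit.sh show` prints the corrected rules; `apply` installs them.
case "${1:-}" in
    show)  IPT=echo; good_ssh_rules ;;
    apply) good_ssh_rules ;;
esac
```

Whether the limit rule sits above or below the ESTABLISHED accept is the whole difference; iptables -L -v --line-numbers shows the order in the running chain.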