From: "Tobias Geiger"
Date: Mon, 01 Jul 2002 13:00:16 +0000
Subject: Re: [LARTC] Hammer protection
To: lartc@vger.kernel.org

> Hi,
>
> Is it possible to use iptables as hammer protection?
>
> I want to deny a user who has just logged off .. for about 10 seconds.
>

I think this is an application-logic thing which can't be implemented that easily with only one iptables line.

> I tried with this, but that didn't work. Maybe my mind is going
> completely in the wrong direction today? =)
>
> iptables -I INPUT -i eth0 -p tcp -s 0/0 -d $my_ip --dport 21 -m limit
> --limit 10/second --limit-burst 1 --tcp-flags ALL SYN -j ACCEPT
>

This rule blocks (afaik) every request after the 10th/second, no matter whether someone logged off or on ...

I think what you want must be done at the application level, or with a "magic" (and dirty) script which watches the FTP log to see if someone logs off, greps its IP and then blocks it for 10 seconds, but that not only sounds ugly :)

> Greetings,
>
> Joachim
>
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
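
The log-watching script suggested in the reply, as an added example that is not part of the original message: by default it runs as a dry run and prints the iptables commands instead of executing them. The log line format, the function names, the `RUN` switch and the `--stdin` argument are assumptions made for this sketch; no particular FTP daemon's log format is implied.

```sh
#!/bin/sh
# Added example (not from the thread). Assumed: log format, names, RUN switch.
BLOCK_SECS=10        # block length asked for in the thread
PORT=21              # FTP control port from the quoted rule
RUN=${RUN-echo}      # default: print commands; run with RUN= (empty) to apply

# Whole-line pattern for a logoff event in the assumed syslog-style format.
# Anchored at both ends so client-supplied text (a username, say) that ends
# up in another kind of log line cannot pass as a logoff event.
LOGOFF_RE='^[A-Za-z]{3} +[0-9]{1,2} [0-9:]{8} [^ ]+ ftpd\[[0-9]+\]: FTP session closed from (([0-9]{1,3}\.){3}[0-9]{1,3})$'

# Print the client IPv4 address of a logoff line; return 1 for anything else.
logoff_ip() {
    found=$(printf '%s\n' "$1" | sed -n -E "s/$LOGOFF_RE/\1/p")
    [ -n "$found" ] || return 1
    old_ifs=$IFS; IFS=.
    for octet in $found; do          # reject octets above 255
        [ "$octet" -le 255 ] || { IFS=$old_ifs; return 1; }
    done
    IFS=$old_ifs
    printf '%s\n' "$found"
}

# Drop new FTP connections from one address, then lift the rule again.
block_for() {
    $RUN iptables -I INPUT -p tcp -s "$1" --dport "$PORT" --syn -j DROP
    $RUN sleep "$BLOCK_SECS"
    $RUN iptables -D INPUT -p tcp -s "$1" --dport "$PORT" --syn -j DROP
}

# Read log lines on stdin and start a timed block for every logoff seen.
watch_log() {
    while IFS= read -r line; do
        if ip=$(logoff_ip "$line"); then
            # Live mode backgrounds the timer so the loop keeps reading.
            if [ -n "$RUN" ]; then block_for "$ip"; else block_for "$ip" & fi
        fi
    done
}

sample_log() {       # constructed log lines, not output of a real daemon
    cat <<'EOF'
Jul  1 13:00:01 host ftpd[812]: FTP LOGIN FROM 192.0.2.10 as joe
Jul  1 13:00:05 host ftpd[812]: FTP session closed from 192.0.2.10
Jul  1 13:00:09 host ftpd[813]: FTP session closed from 192.0.2.999
EOF
}

if [ "${1-}" = "--stdin" ]; then watch_log; else sample_log | watch_log; fi
```

Because the block is keyed on the source address, every client behind the same NAT address is held off for the same 10 seconds.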