From mboxrd@z Thu Jan 1 00:00:00 1970 From: Marek Kierdelewicz Subject: Re: Hot to design syn-flood protection based on ip ? Date: Tue, 1 Sep 2009 08:58:01 +0200 Message-ID: <20090901085801.428359f0@catlap> References: <4A967DE2.2060601@infoservices.in> <4A9CBF27.1070600@infoservices.in> Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <4A9CBF27.1070600@infoservices.in> Sender: netfilter-owner@vger.kernel.org List-ID: Content-Type: text/plain; charset="us-ascii" To: "J. Bakshi" Cc: netfilter@vger.kernel.org Hello, >Any clue ? You're on the right track. Just use "hashlimit" module instead of "limit".Use option "--hashlimit-mode srcip". All necessary info is in iptables manpage. Best regards, Marek