* Modification to iptables (block IP addresses)
@ 2002-10-28 19:49 rwc
2002-10-28 20:11 ` Michael Atighetchi
0 siblings, 1 reply; 4+ messages in thread
From: rwc @ 2002-10-28 19:49 UTC (permalink / raw)
To: netfilter
Is anyone working on the following modification to iptables?
Dynamically watch for connections coming from any source IP addresses
that exceeds a
predefined number of connections per unit time. When seen, block all
subsequent connections from that source for a predefined period of time
or
indefinitely. Currently, one can do this for specific predefined source
IP
addresses, but it would be good to have the ability to do this without
having prior knowledge of the offending IP source.
^ permalink raw reply [flat|nested] 4+ messages in thread
[parent not found: <Pine.LNX.4.21.1010221832550.715-100000@hybel173.grm.hia.no>]
* Modification to iptables (block IP addresses)
[not found] <Pine.LNX.4.21.1010221832550.715-100000@hybel173.grm.hia.no>
@ 2002-10-28 16:31 ` rwc
2002-10-28 18:13 ` Antony Stone
0 siblings, 1 reply; 4+ messages in thread
From: rwc @ 2002-10-28 16:31 UTC (permalink / raw)
Cc: netfilter
Is anyone working on the following modification to iptables? Dynamically
watch for connections coming from any source IP addresses that exceeds a
predefined number of connections per unit time. When seen, block all
subsequent connections from that source for a predefined period of time or
indefinitely. Currently, one can do this for specific predefined source IP
addresses, but it would be good to have the ability to do this without
having prior knowledge of the the offending IP source.
Roger
^ permalink raw reply [flat|nested] 4+ messages in thread* Re: Modification to iptables (block IP addresses)
2002-10-28 16:31 ` rwc
@ 2002-10-28 18:13 ` Antony Stone
0 siblings, 0 replies; 4+ messages in thread
From: Antony Stone @ 2002-10-28 18:13 UTC (permalink / raw)
To: netfilter
On Monday 28 October 2002 4:31 pm, rwc@lanl.gov wrote:
> Is anyone working on the following modification to iptables? Dynamically
> watch for connections coming from any source IP addresses that exceeds a
> predefined number of connections per unit time. When seen, block all
> subsequent connections from that source for a predefined period of time or
> indefinitely. Currently, one can do this for specific predefined source IP
> addresses, but it would be good to have the ability to do this without
> having prior knowledge of the the offending IP source.
You might want to investigate the "recent" match in p-o-m.
Antony.
--
Software development can be quick, high-quality, or low-cost.
The customer gets to pick any two out of three.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2002-10-28 20:11 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2002-10-28 19:49 Modification to iptables (block IP addresses) rwc
2002-10-28 20:11 ` Michael Atighetchi
[not found] <Pine.LNX.4.21.1010221832550.715-100000@hybel173.grm.hia.no>
2002-10-28 16:31 ` rwc
2002-10-28 18:13 ` Antony Stone
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox