[CentOS] to filter dos ip using iptables recent

MontyRee chulmin2 at hotmail.com
Sun Aug 16 10:16:38 UTC 2009


Hello, all.
 
I read this document about iptables recent module.
http://blog.andrew.net.au/2005/02/16#ipt_recent_and_ssh_attacks
 
and I would like to filter the IP addresses that send excessive spam mail using the iptables recent module,
and I have some questions.
 
iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --set --name SPAM
iptables -A INPUT -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --rttl --name SPAM -j DROP

 
If I set it up like above,

I can't understand the meaning of hitcount.
Does it mean the number of packets, sessions or connections?

The above rule means that if there are 4 connections within 60 seconds, the IP will be filtered for 60 seconds, right?

If some IP is filtered, how long will it be filtered? For 60 seconds?

When I look at the list with cat /proc/net/ipt_recent/SPAM,
the maximum number is 100. If it reaches 100, is that no problem?
And how do I increase the number?
 
 
Thanks in advance.

 
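Added illustration (not from the post, and not the kernel's ipt_recent code): a small Python model of how the two posted rules treat a stream of new connections, using the ipt_recent defaults of 100 addresses per list and 20 remembered timestamps per address; --rttl is not modelled, and the timings and IP addresses are constructed. It shows that a hit is one packet reaching the match (with --state NEW, one connection attempt), that the 4th attempt inside 60 seconds is dropped, and that the block lasts while attempts keep arriving and lifts once 60 seconds pass without enough of them.

```python
from collections import OrderedDict

# ipt_recent module defaults (module parameters ip_list_tot / ip_pkt_list_tot)
IP_LIST_TOT = 100      # addresses kept per list, the 100 seen in /proc/net/ipt_recent/SPAM
IP_PKT_LIST_TOT = 20   # timestamps remembered per address
SECONDS, HITCOUNT = 60, 4   # from the posted --update rule


class RecentList:
    """The SPAM list: ip -> list of packet timestamps, oldest address first."""

    def __init__(self):
        self.entries = OrderedDict()

    def set(self, ip, now):
        """--set: record this packet; when the list is full the least
        recently seen address is dropped to make room."""
        stamps = self.entries.get(ip)
        if stamps is None:
            if len(self.entries) >= IP_LIST_TOT:
                self.entries.popitem(last=False)
            stamps = self.entries[ip] = []
        stamps.append(now)
        del stamps[:-IP_PKT_LIST_TOT]          # keep only the newest 20
        self.entries.move_to_end(ip)           # now the most recently seen

    def update(self, ip, now):
        """--update --seconds 60 --hitcount 4: match when the address has
        at least 4 recorded packets in the last 60 s.  A match also records
        this packet, so the address stays matched while packets keep coming."""
        stamps = self.entries.get(ip)
        if stamps is None:
            return False
        hits = sum(1 for s in stamps if now - s <= SECONDS)
        if hits >= HITCOUNT:
            self.set(ip, now)
            return True
        return False


def simulate(events):
    """events: (seconds, src_ip) for each NEW-state packet to port 25, in
    time order (constructed input).  Returns the verdicts and the final
    list.  A 'hit' is one such packet, i.e. one connection attempt."""
    recent, verdicts = RecentList(), []
    for now, ip in events:
        recent.set(ip, now)                    # rule 1 always runs first
        verdicts.append("DROP" if recent.update(ip, now) else "ACCEPT")
    return verdicts, recent


if __name__ == "__main__":
    attempts = [(t, "10.0.0.5") for t in (0, 10, 20, 30, 100)]
    print(simulate(attempts)[0])   # 4th attempt dropped, t=100 accepted again
```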


