- iptables -N INSYNBAN
- iptables -A INSYNBAN -m recent --set --name INSYNBANCOUNTER
- iptables -A INSYNBAN -m recent --update --name INSYNBANCOUNTER --seconds 120 --hitcount 1 -j DROP
- iptables -N INSYNSRCLIMITER
- iptables -A INSYNSRCLIMITER -m recent --update --name INSYNBANCOUNTER --seconds 120 --hitcount 1 -j DROP
- iptables -A INSYNSRCLIMITER -m hashlimit --hashlimit-mode srcip --hashlimit-name insynlimiter --hashlimit 1/s --hashlimit-burst 10 --hashlimit-htable-size 4096 --hashlimit-htable-max 262144 -j RETURN
- iptables -A INSYNSRCLIMITER -m limit --limit 1000/m --limit-burst 1000 -j LOG --log-level 4 --log-ip-options --log-prefix "INSYN_SRC_LIMIT EXCEED: "
- iptables -A INSYNSRCLIMITER -j INSYNBAN
- iptables -A INPUT -p tcp --syn -m state ! --state RELATED,ESTABLISHED -j INSYNSRCLIMITER
Don't like ads? PRO users don't see any ads ;-)
Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
create a new version of this paste
RAW Paste Data