24 March 2008
rate-limiting in iptables
I recently learned about a useful feature in iptables which might help prevent denial-of-service (DoS) attacks. The iptables "recent" extension dynamically builds a list of source addresses, together with when each was last seen, against which later rules in your ruleset can match, for example to block a source that has made too many connection attempts within a given time interval. The Debian Administration blog has a good example of using this to block DoS attacks against an ssh server.
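As an added example (not code from the original post or from the Debian Administration article), here is a POSIX shell script that builds the kind of ssh rate-limiting ruleset described above with the "recent" match. The port (22), the 60-second window, the hit count of 4 and the list name SSH_ATTEMPTS are assumptions chosen for illustration, and the DRY_RUN switch is a convenience of this script, not an iptables feature.

```shell
#!/bin/sh
# Added example (not from the original post): rate-limit new ssh connections
# per source address with the iptables "recent" match.
#
# Assumed parameters (illustrative, not taken from the post):
#   SSH_PORT=22, WINDOW=60 seconds, HITCOUNT=4, list name SSH_ATTEMPTS.
# Set DRY_RUN=1 to print the rules instead of applying them (no root needed).

IPTABLES="${IPTABLES:-iptables}"
SSH_PORT="${SSH_PORT:-22}"
WINDOW="${WINDOW:-60}"
HITCOUNT="${HITCOUNT:-4}"
LIST="${LIST:-SSH_ATTEMPTS}"

# ipt: run one iptables command, or print it when DRY_RUN=1
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '%s %s\n' "$IPTABLES" "$*"
    else
        "$IPTABLES" "$@"
    fi
}

# ssh_recent_rules: emit the two INPUT rules that implement the limit.
# Only packets opening a NEW connection are counted, so traffic on an
# established session never adds to the hit count. The effect is that a
# source may open HITCOUNT new connections per WINDOW seconds; the next
# attempt inside the window is dropped.
ssh_recent_rules() {
    # 1. If this source is already in the list and has been seen HITCOUNT or
    #    more times in the last WINDOW seconds, drop the packet. --update also
    #    refreshes the "last seen" timestamp on a match, so a source that keeps
    #    retrying stays blocked until it has been quiet for WINDOW seconds.
    ipt -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m recent --name "$LIST" --update --seconds "$WINDOW" --hitcount "$HITCOUNT" -j DROP
    # 2. Otherwise record (or re-record) the source address in the list and
    #    let the packet continue to the rest of the ruleset.
    ipt -A INPUT -p tcp --dport "$SSH_PORT" -m conntrack --ctstate NEW \
        -m recent --name "$LIST" --set
}

# Usage:  sh ssh-ratelimit.sh show    (print the rules)
#         sh ssh-ratelimit.sh apply   (install the rules; needs root)
case "${1:-}" in
    show)  (DRY_RUN=1; ssh_recent_rules) ;;
    apply) ssh_recent_rules ;;
esac
```

Two caveats worth knowing before using this in anger: the per-address hit history that `--hitcount` counts is capped by the module parameter `ip_pkt_list_tot` (default 20), so larger hit counts are rejected unless the module is loaded with a bigger value; and the list itself can be inspected while the rules are live at `/proc/net/xt_recent/SSH_ATTEMPTS` on current kernels (`/proc/net/ipt_recent/` on the older kernels of the post's era), which is handy for checking that a blocked source really is being counted.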