
Iptables


Nat

APF.

Debian Administration :: Using iptables to rate-limit incoming connections. Posted by Steve on Sun 17 Jul 2005 at 00:39

The iptables firewall has several useful extension modules which can be used in addition to the basic firewall functionality. One of the more interesting of these extensions is the "recent" module, which allows you to match recent connections and perform simple throttling on incoming connections.

We've previously described keeping SSH access secure by limiting which users can connect, or just firewalling access so that only a small list of trusted IP addresses can connect. In most cases this is sufficient to protect your system. However, there are times when you have to allow arbitrary incoming connections, when you are travelling for example. In these situations you can open up your system to allow incoming connections and be the target of a dictionary attack - literally a machine trying to connect and log in over and over again using usernames and passwords from a dictionary.

An example is probably the simplest way to illustrate how it works.

#!

Files.

Linux Packet Filtering and iptables - Linux Packet Filtering and iptables.

NuFW - An authenticating Firewall.

The Best Script For Iptables Firewall - The UNIX Forums.

#!/bin/sh
#
# rc.DMZ.firewall - DMZ IP Firewall script for Linux 2.4.x and iptables
#
# Copyright (C) 2001 Oskar Andreasson
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; version 2 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program or from the site that you downloaded it
# from; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
#
###########################################################################
#
# 1. Configuration options.
#
# 1.1 Internet Configuration
#
# 1.1.2 PPPoE
#
#
# 1.3 DMZ Configuration.