would like to use match limit
bclark at eccotours.co.za
Tue Nov 28 08:35:01 CET 2006
I have the following last four rules in my ruleset.
4863 234K REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
1800 86165 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT 0 -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-unreachable
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
What I was thinking / or hoping to add was the match limit, whereby I'll match these rules for a certain period, but
then after that it moves to my default policy, which is DROP.
The question is, a) would this be a good, feasible solution, and b) what would be a good time period (how much burst)?
Thanks to those who reply in advance.
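
The setup asked about above, modelled offline as an added example that is not part of the original post: the iptables limit match (`--limit`, `--limit-burst`) is a token bucket, so packets that find credit match the REJECT rule and the rest fall through to the DROP policy. The rate, burst and packet timings below are constructed values, not recommendations from the list.

```python
# Token-bucket model of the iptables "limit" match placed on a REJECT rule.
# Integer arithmetic: time in milliseconds, one packet costs 1000 credits,
# and the bucket gains `rate_per_sec` credits per elapsed millisecond.

COST = 1000  # credits consumed by one matching packet


def simulate(arrivals_ms, rate_per_sec, burst):
    """Return one verdict per packet arrival time (ms, ascending).

    'REJECT' = limit match had credit, the REJECT rule fired.
    'DROP'   = no credit, packet fell through to the DROP policy.
    """
    cap = burst * COST          # --limit-burst: bucket size
    credit = cap                # bucket starts full
    last = None
    verdicts = []
    for t in arrivals_ms:
        if last is not None:
            # --limit: refill for the time since the previous packet
            credit = min(cap, credit + (t - last) * rate_per_sec)
        last = t
        if credit >= COST:
            credit -= COST
            verdicts.append("REJECT")
        else:
            verdicts.append("DROP")
    return verdicts


def summary(verdicts):
    """Count verdicts as (rejected, dropped)."""
    return verdicts.count("REJECT"), verdicts.count("DROP")


# Constructed traffic: a fast scan (1 packet per ms for 100 ms) and a
# slow client (1 packet per second for 20 s), both hitting closed ports.
SCAN = list(range(100))
SLOW = [i * 1000 for i in range(20)]

if __name__ == "__main__":
    for name, traffic in (("scan", SCAN), ("slow", SLOW)):
        rejected, dropped = summary(simulate(traffic, rate_per_sec=5, burst=10))
        print(f"{name}: {rejected} answered with REJECT, {dropped} silently dropped")
```

With these values the burst decides how many replies a fast scan receives before it sees silence, while the rate decides how quickly a well-behaved client gets REJECT answers again.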