[Bug 53] New: Feature request - Basic Denial of Service feature
Thu, 20 Feb 2003 13:43:51 +0100
Summary: Feature request - Basic Denial of Service feature
Product: iptables userspace
I know this is a really complex subject and may be impossible?
If you could limit connections based on unique source IP address rather than the
current specific IP address you could implement fairly powerful DOS rules.
i.e. limit ANY 1 source IP address to 5 connections per second
Therefore no individual IP could DOS you, and DDOS would be slowed down
I know this would take up a large amount of memory and hit performance hard but
I'm sure that could be worked around... :-)
PS. Keep up the fantastic work. My Nokia/Checkpoint combination is now in the
bin where it belongs.
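The per-source limit requested above (any one source address held to 5 new connections per second), sketched as an added example that is not part of the bug report and is not iptables or netfilter code. The names `allow_new_conn`, `hash_ip`, `SLOTS` and `PROBES` are hypothetical, the addresses are documentation addresses, and the fixed-size table is one assumed answer to the memory concern raised in the report.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SLOTS  1024  /* fixed table size, so memory use stays bounded */
#define PROBES 8     /* max slots examined per lookup, so cost stays bounded */
#define LIMIT  5     /* new connections allowed per source per second */

struct slot { uint32_t src; uint64_t sec; uint32_t count; int used; };
static struct slot table[SLOTS];

/* Multiplicative hash of an IPv4 address down to 10 bits (0..SLOTS-1). */
static uint32_t hash_ip(uint32_t ip) { return (ip * 2654435761u) >> 22; }

/* Returns 1 to accept a new connection from src at now_sec, 0 to drop it.
 * Fixed one-second windows: a source can burst across a window boundary. */
int allow_new_conn(uint32_t src, uint64_t now_sec)
{
    struct slot *free_slot = NULL;
    uint32_t h = hash_ip(src);

    for (int i = 0; i < PROBES; i++) {
        struct slot *s = &table[(h + i) % SLOTS];
        if (s->used && s->src == src) {
            if (s->sec != now_sec) {   /* first packet of a new window */
                s->sec = now_sec;
                s->count = 0;
            }
            if (s->count >= LIMIT)
                return 0;              /* this source is over its limit */
            s->count++;
            return 1;
        }
        /* Unused or expired entries can be recycled for a new source. */
        if (!free_slot && (!s->used || s->sec != now_sec))
            free_slot = s;
    }
    if (!free_slot)
        return 1;  /* table saturated: fail open (an assumed policy choice) */
    free_slot->used = 1;
    free_slot->src = src;
    free_slot->sec = now_sec;
    free_slot->count = 1;
    return 1;
}

int main(void)
{
    uint32_t src = 0xC0000201u;  /* 192.0.2.1, constructed sample source */
    for (int i = 1; i <= 7; i++)
        printf("conn %d: %s\n", i, allow_new_conn(src, 1000) ? "accept" : "drop");
    return 0;
}
```

When every probed slot is held by an active source the limiter accepts the connection untracked, which matches the report's expectation that a distributed flood is slowed rather than stopped.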