This is what I've got so far:
# Insert new rules (in reverse order, because -I puts each rule at the top of the chain, unlike -A).
# Final chain order is: recent --update DROP, then the limited ACCEPT, then the existing rules, then the appended rules.
# Allow up to 100 TCP SYN packets per second. Note that -m limit is one global token bucket, not a
# per-source counter, and its default --limit-burst is 5, so short bursts above 5 are rejected even below 100/s.
iptables -I FORWARD -p tcp --syn -m state --state NEW -m limit --limit 100/second -j ACCEPT
# Any packet (SYN or not) from a source already on the recent list and seen within the last 60 s is dropped;
# --update refreshes the timestamp, so the block lasts until that source has been silent for 60 s.
iptables -I FORWARD -m recent --update --seconds 60 -j DROP
# Append new rules: a SYN that was not accepted by the limit rule lands here, so record the source
# address on the recent list and reject the connection attempt.
iptables -A FORWARD -p tcp --syn -m recent --set -j REJECT --reject-with tcp-reset
# Everything else that falls through the chain is dropped without being listed, so a stray non-SYN
# packet (or another protocol) does not put a host on the block list.
iptables -A FORWARD -j DROP
It's supposed to allow a max of 100 SYN packets/second, and after that block the IP until there has been 60 seconds of silence from that address.
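The behaviour of this ruleset can be checked offline before loading it. The Python model below is an added example, not code from the post or from iptables: it mimics the two matches the rules rely on, `-m limit` as a token bucket (rate 100/s, default burst 5) and `-m recent --update --seconds 60` as a per-source last-seen timestamp that every matching packet refreshes, and evaluates packets against the three rules in the order the -I/-A commands leave them in (recent-update DROP, limited ACCEPT, recent-set REJECT). The source addresses and packet timings are constructed for the trace, and the match semantics are simplified (iptables' limit match is a token bucket at this level of detail, but the model ignores its internal tick granularity).

```python
"""Offline model of the SYN rate-limit / recent-list ruleset (added example, not iptables code)."""


class TokenBucket:
    """Model of `-m limit --limit RATE/second --limit-burst BURST`."""

    def __init__(self, rate, burst):
        self.rate = float(rate)      # tokens refilled per second
        self.burst = float(burst)    # maximum stored tokens
        self.tokens = float(burst)   # bucket starts full
        self.last = 0.0              # time of the last evaluation

    def allow(self, now):
        """Return True (and consume a token) if the packet is within the rate limit."""
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RecentList:
    """Model of `-m recent`: last-seen timestamp per source address."""

    def __init__(self):
        self.seen = {}

    def update(self, src, now, seconds):
        """`--update --seconds N`: match if src is listed and was seen within N seconds;
        a match refreshes the timestamp, a non-match leaves the entry untouched."""
        last = self.seen.get(src)
        if last is not None and now - last <= seconds:
            self.seen[src] = now
            return True
        return False

    def set(self, src, now):
        """`--set`: add or refresh src with the current time."""
        self.seen[src] = now


class Firewall:
    """The FORWARD chain as left by the post's -I/-A commands (constructed model)."""

    def __init__(self, rate=100, burst=5, silence=60):
        self.bucket = TokenBucket(rate, burst)
        self.recent = RecentList()
        self.silence = silence

    def forward(self, src, now, syn=True):
        """Return the verdict for one packet from src at time now (seconds)."""
        # Rule 1 (inserted last, so first): -m recent --update --seconds 60 -j DROP
        # Matches SYN and non-SYN packets alike, so any traffic refreshes the block.
        if self.recent.update(src, now, self.silence):
            return "DROP"
        if not syn:
            return "PASS"  # non-SYN traffic falls through to the rest of the chain
        # Rule 2: -p tcp --syn -m state --state NEW -m limit --limit 100/second -j ACCEPT
        if self.bucket.allow(now):
            return "ACCEPT"
        # Rule 3 (appended): -p tcp --syn -m recent --set -j REJECT --reject-with tcp-reset
        self.recent.set(src, now)
        return "REJECT"


def run_trace(fw, packets):
    """Evaluate a list of (src, time) SYN packets and return the verdicts in order."""
    return [fw.forward(src, t) for src, t in packets]


def demo():
    """Constructed scenario: a 1 ms-spaced SYN burst from one host, then later probes."""
    fw = Firewall()
    burst = [("10.0.0.5", 0.001 * i) for i in range(20)]     # 20 SYNs in 20 ms
    verdicts = run_trace(fw, burst)
    return {
        "burst": verdicts,                                   # 5 ACCEPT, 1 REJECT, 14 DROP
        "other_host": fw.forward("192.0.2.10", 1.0),         # bucket has refilled: ACCEPT
        "ack_at_50s": fw.forward("10.0.0.5", 50.0, syn=False),  # non-SYN still refreshes: DROP
        "syn_at_100s": fw.forward("10.0.0.5", 100.0),        # only 50 s of silence: DROP
        "syn_at_170s": fw.forward("10.0.0.5", 170.0),        # 70 s of silence: ACCEPT again
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The trace makes two properties of the ruleset visible: with the default burst of 5 the limit rule rejects the sixth SYN of a fast burst long before 100 per second is reached, and because the `--update` rule is not restricted to SYN packets, an ACK at 50 s and a SYN at 100 s each restart the 60-second silence window, so the host is only let back in at 170 s.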