I missed part of the thread here so forgive a 'doh' response..

Another possibility to this could be putting the sshd under the xinetd service. Then you could limit connections with 'cps'. The value below would allow 25 connections per second but anything over that would disable the service for 30 seconds.

    cps = 25 30

These are also valid variables:

    access_times = 8:00-18:00
    per_source = 3      (max allowed connections per source address)

www.linuxtech.cc

-----Original Message-----
From: fedora-list-bounces@xxxxxxxxxx [mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Robert P. J. Day
Sent: Thursday, December 30, 2004 11:35 AM
To: For users of Fedora Core releases
Subject: Re: question about ssh

On Thu, 30 Dec 2004, Dario Lesca wrote:

> On Thu, 2004-12-30 at 14:30, Steven Stern wrote:
> > On Thu, 30 Dec 2004 21:19:35 +0800, chi <chi@xxxxxxxxxxxxxxxxxx> wrote:
> > > I did three things.
> > ...
> > .. and via iptables?
>
> is it possible to allow only 2 or 3 accesses every 5/10 minutes with
> the --limit-burst option?

you're being kind of vague here. is it 2 or 3? is it every 5 or 10 minutes?

once upon a time, i figured out how the whole "--limit" and "--limit-burst" thing worked, and the man page really makes it more complicated than it has to be. consider an example involving both of:

    --limit 5/minute --limit-burst 10

think of the above as follows: you start with a bucket (for you statisticians, that would be "urn") with 10 tokens. every time you get an arrival that you're limiting, you pay for it with a token out of the urn. 5 times per minute (every 12 seconds), a token is dropped into the bucket for you to regularly replenish your supply. but the limit-burst means you are never allowed to hold more than 10 tokens at a time.

so how does a burst affect this? if you suddenly get whacked hard with lots of packets, you have enough tokens to allow the first 10, after which you reject all the rest except for one every 12 seconds, when you get a new token in the urn, and you use that new token almost immediately if you're getting lots of traffic. only when things slow down do you get the chance to start gradually building up your stock of tokens in the urn (again, up to a maximum of 10).

rday

p.s. hmmm ... i just checked the iptables man page and, strangely, it seems to follow the above explanation a lot more closely than it used to. how odd.

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list

This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message. Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.
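The token bucket that Robert describes for "--limit 5/minute --limit-burst 10" can be checked by simulation. The following is an added example, not code from this thread or from iptables itself: it models the match with integer credits (60 credits per token, so a 5/minute rate accrues exactly 5 credits per second) and reports which arrivals in a constructed burst would match the rule. The `LimitMatch` and `accepted` names are assumptions of this example.

```python
"""Simulation of iptables '-m limit --limit 5/minute --limit-burst 10'.

Constructed model of the token bucket described in the thread, not the
kernel's xt_limit code. A rule using it defensively would look like:
    iptables -A INPUT -p tcp --dport 22 -m state --state NEW \
        -m limit --limit 5/minute --limit-burst 10 -j ACCEPT
Packets that do not match fall through to whatever rule follows.
"""


class LimitMatch:
    # One token is worth 60 credits, so a rate of N per minute adds exactly
    # N credits per elapsed second and no floating point is needed.
    CREDITS_PER_TOKEN = 60

    def __init__(self, rate_per_minute=5, burst=10):
        self.rate = rate_per_minute                   # --limit N/minute
        self.cap = burst * self.CREDITS_PER_TOKEN     # --limit-burst N
        self.credits = self.cap                       # bucket starts full
        self.last = 0                                 # time of last arrival

    def match(self, now):
        """Return True if a packet arriving at integer second `now` matches.

        Arrivals must be fed in non-decreasing time order.
        """
        # Replenish: 5/minute means one token every 12 seconds, capped at
        # the burst size so a quiet period can never bank more than 10.
        self.credits = min(self.cap, self.credits + (now - self.last) * self.rate)
        self.last = now
        if self.credits >= self.CREDITS_PER_TOKEN:
            self.credits -= self.CREDITS_PER_TOKEN    # spend one token
            return True
        return False


def accepted(arrivals, rate_per_minute=5, burst=10):
    """Times (in seconds) of the arrivals the rule would match."""
    lm = LimitMatch(rate_per_minute, burst)
    return [t for t in arrivals if lm.match(t)]


if __name__ == "__main__":
    # Constructed flood: one new connection per second for a minute.
    flood = list(range(60))
    print(accepted(flood))  # first 10 pass, then one every 12 seconds
```

Running the block prints the first ten seconds plus 12, 24, 36 and 48; after the flood stops, the bucket refills at one token per 12 seconds back up to the burst of 10.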