In CentOS we have NAT and VPN:
1- Detect connections per IP to any /24: if more than 3 different IPs in a /24 within 5 seconds
2- Set a destination limit on the whole /24, only for the source IP which wanted to hit them
3- Remove the limitation after 30 seconds
How can we do this with iptables?
Every time the users make different random ports and sort of new IPs, so only an automatic rule can be useful, NOT blocking ports or IPs manually!!!
For example:
Fri Jun 5 20:28:42 2020 TCP 88.198.63.86 57574 => 209.34.83.135 6379
Fri Jun 5 20:28:42 2020 TCP 88.198.63.86 57575 => 209.34.83.136 6379
Fri Jun 5 20:28:45 2020 TCP 88.198.63.86 57576 => 209.34.83.137 6379
Fri Jun 5 20:28:45 2020 TCP 88.198.63.86 57579 => 209.34.83.140 6379
Fri Jun 5 20:28:42 2020 TCP 88.198.63.86 57580 => 209.34.83.141 8080
Fri Jun 5 20:28:45 2020 TCP 88.198.63.86 57580 => 209.34.83.141 8080
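As an added example (not from the question or any answer), a small Python detector that applies the three steps to log lines in the format shown above: it emits one (source, destination /24, triggered-at, expires-at) decision per source that touches more than 3 distinct hosts in a /24 within 5 seconds, and ignores that pair until the 30-second limit has expired, which is what a wrapper script would turn into a temporary iptables rule. The sample lines are a constructed copy of the question's log; the "date proto src sport => dst dport" layout is assumed.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the same "date proto src sport => dst dport" layout as the question's log.
SAMPLE_LOG = """\
Fri Jun 5 20:28:42 2020 TCP 88.198.63.86 57574 => 209.34.83.135 6379
Fri Jun 5 20:28:42 2020 TCP 88.198.63.86 57575 => 209.34.83.136 6379
Fri Jun 5 20:28:45 2020 TCP 88.198.63.86 57576 => 209.34.83.137 6379
Fri Jun 5 20:28:45 2020 TCP 88.198.63.86 57579 => 209.34.83.140 6379
Fri Jun 5 20:28:42 2020 TCP 88.198.63.86 57580 => 209.34.83.141 8080
Fri Jun 5 20:28:45 2020 TCP 88.198.63.86 57580 => 209.34.83.141 8080
"""

def parse_line(line):
    """Return (ts, proto, src, sport, dst, dport) or None for lines that do not fit."""
    t = line.split()
    if len(t) != 11 or t[8] != "=>":
        return None
    ts = datetime.strptime(" ".join(t[:5]), "%a %b %d %H:%M:%S %Y")
    return ts, t[5], t[6], int(t[7]), t[9], int(t[10])

def detect_sweeps(lines, threshold=3, window=5, limit_seconds=30):
    """One decision (src, dst /24, triggered_at, expires_at) per source that hits
    more than `threshold` distinct hosts in a /24 within `window` seconds; a pair
    already under a limit is skipped until the limit expires (auto-removal)."""
    events = sorted(e for e in map(parse_line, lines) if e)  # log may be out of order
    recent = defaultdict(deque)   # (src, net) -> deque of (ts, dst) inside the window
    limited = {}                  # (src, net) -> expiry time of the active limit
    decisions = []
    for ts, _proto, src, _sport, dst, _dport in events:
        key = (src, ipaddress.ip_network(dst + "/24", strict=False))
        if key in limited:
            if ts < limited[key]:
                continue            # still limited: nothing new to decide
            del limited[key]        # 30 s are over, start counting again
        q = recent[key]
        q.append((ts, dst))
        while (ts - q[0][0]).total_seconds() > window:
            q.popleft()             # drop hits older than the window
        if len({d for _, d in q}) > threshold:
            expiry = ts + timedelta(seconds=limit_seconds)
            limited[key] = expiry
            decisions.append((src, str(key[1]), ts, expiry))
            q.clear()
    return decisions

if __name__ == "__main__":
    for src, net, at, until in detect_sweeps(SAMPLE_LOG.splitlines()):
        print(f"limit {src} -> {net} from {at:%H:%M:%S} until {until:%H:%M:%S}")
```

On the sample, the third distinct host in 209.34.83.0/24 is reached at 20:28:42 and the fourth at 20:28:45, so the limit for 88.198.63.86 starts at 20:28:45 and expires at 20:29:15; the remaining hits in that window are not reported again.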