I am trying to rate-limit the incoming traffic to my servers. I figured using iptables (on CentOS) would be the best choice. I have been looking around and discovered a few solutions:
```
sudo iptables --flush                     # start again (wipes every rule in the filter table)
sudo iptables --new-chain RATE-LIMIT      # user-defined chain; only traversed if a built-in chain jumps to it
sudo iptables --append RATE-LIMIT \
    --match hashlimit \
    --hashlimit-upto 3/minute \           # sustained rate (no --hashlimit-mode given, so one bucket for all sources)
    --hashlimit-burst 5 \                 # initial bucket size
    --hashlimit-name conn_rate_limit \    # table name under /proc/net/ipt_hashlimit/
    --jump ACCEPT
sudo iptables --append RATE-LIMIT --jump DROP   # anything over the limit is dropped
```
The above does not work, but I want it to, as it seems like a better option than the block below (which worked, but I feel has less flexibility):
```
# record every new connection to port 80 in the "recent" list (no target, so evaluation continues)
iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
# drop the connection if this source has been seen 10 or more times in the last 60 seconds
iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
```
Please help me understand what I am doing wrong in the first block. Also, how can I apply this to IPv6? Simply by using ip6tables?
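The following is an added example, not part of the original question or of any answer to it: the hashlimit chain from the first block with the rule that block lacks (a jump from INPUT into RATE-LIMIT, without which a user-defined chain is never consulted) and per-source bucketing, written as an iptables-restore fragment so the same text loads through iptables and ip6tables. It assumes CentOS with the hashlimit and conntrack matches available, takes eth0 and port 80 from the post, and the function names and the APPLY_RULES switch are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): per-source rate limit on new
# TCP connections to port 80 via a user-defined hashlimit chain, emitted in
# iptables-restore(8) format so one generator serves iptables and ip6tables.
# Assumed: CentOS with the hashlimit and conntrack match modules available;
# eth0 and port 80 are the placeholders used in the post.
set -eu

IFACE="${IFACE:-eth0}"
PORT="${PORT:-80}"

# Print the filter-table fragment for one address family ("4" or "6").
# The IPv6 variant buckets by /64: a single host usually owns a whole /64
# and could otherwise rotate source addresses to dodge a per-address limit.
rate_limit_rules() {
    family="$1"
    if [ "$family" = "6" ]; then
        mask="--hashlimit-srcmask 64"
    else
        mask=""
    fi
    cat <<EOF
*filter
:RATE-LIMIT - [0:0]
# The jump from INPUT is what makes the chain do anything: a user-defined
# chain that no built-in chain references is never traversed.
-A INPUT -i ${IFACE} -p tcp --dport ${PORT} -m conntrack --ctstate NEW -j RATE-LIMIT
# --hashlimit-mode srcip keeps one token bucket per client; without it
# hashlimit keeps a single bucket for everyone, like plain -m limit.
# Entries are kept for 60 s (htable-expire is in milliseconds) so a client's
# bucket is not forgotten before the 3/minute interval has elapsed.
-A RATE-LIMIT -m hashlimit --hashlimit-mode srcip ${mask} --hashlimit-upto 3/minute --hashlimit-burst 5 --hashlimit-name conn_rate_limit --hashlimit-htable-expire 60000 -j ACCEPT
-A RATE-LIMIT -j DROP
COMMIT
EOF
}

# Load the fragment for one family without flushing the rules already in
# the table (--noflush). An existing RATE-LIMIT chain is rebuilt, but a
# second run appends a duplicate INPUT jump, so delete the old one first.
apply_rate_limit() {
    family="$1"
    if [ "$family" = "6" ]; then
        rate_limit_rules 6 | ip6tables-restore --noflush
    else
        rate_limit_rules 4 | iptables-restore --noflush
    fi
}

# Only touch the live firewall when explicitly asked (needs root);
# otherwise just print what would be loaded for review.
if [ "${APPLY_RULES:-0}" = "1" ]; then
    apply_rate_limit 4
    apply_rate_limit 6
else
    rate_limit_rules 4
    rate_limit_rules 6
fi
```

Run as-is the script only prints both rule sets; `APPLY_RULES=1 sh ratelimit.sh` as root loads them. The per-source buckets can be inspected in /proc/net/ipt_hashlimit/conn_rate_limit and /proc/net/ip6t_hashlimit/conn_rate_limit while testing the limit.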