Useful links for iptable rules:

    • limit connections per ip: also check the use of -p tcp –syn to restrict the limit only to the initiation request (with the SYN flag on).
    • explanation on the limit module: To further explain the limit match, it is basically a token bucket filter. Consider having a leaky bucket where the bucket leaks X packets per time-unit. X is defined depending on how many matching packets we get, so if we get 3 packets, the bucket leaks 3 packets per that time-unit. The –limit option tells us how many packets to refill the bucket with per time-unit, while the –limit-burst option tells us how big the bucket is in the first place. So, setting –limit 3/minute –limit-burst 5, and then receiving 5 matches will empty the bucket. After 20 seconds, the bucket is refilled with another token, and so on until the –limit-burst is reached again or until they get used.