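What I want to achieve: block access once there are more than 10 visits within 60 seconds, but testing shows it has no effect. How should the iptables rules be written?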
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
2 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
3 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW recent: UPDATE seconds: 60 hit_count: 10 name: TESTPOOL side: source mask: 255.255.255.255
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW recent: SET name: TESTPOOL side: source mask: 255.255.255.255
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
8 DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:3306
9 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
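The following is an added example, not part of the original post: a simplified Python model of how the `recent` match in rules 3 and 4 counts hits, walked in first-match order for port 80. It assumes rule 1 is interface-restricted (a listing without `-v` does not show the interface), uses the xt_recent default of 20 stored timestamps per address, and runs on constructed traffic; `RecentList`, `input_chain` and `run` are hypothetical names.

```python
from collections import defaultdict, deque

PKT_LIST_TOT = 20  # xt_recent default ip_pkt_list_tot (timestamps kept per address)

class RecentList:
    """Simplified model of one xt_recent list such as TESTPOOL."""
    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=PKT_LIST_TOT))

    def set(self, src, now):
        # --set: record a timestamp for the source and always match
        self.stamps[src].append(now)
        return True

    def update(self, src, now, seconds, hit_count):
        # --update: match only if the source already has >= hit_count
        # timestamps inside the window; a match also adds a timestamp
        entry = self.stamps.get(src)
        if not entry:
            return False
        if sum(1 for t in entry if now - t <= seconds) < hit_count:
            return False
        entry.append(now)
        return True

def input_chain(recent, src, state, now):
    """First-match walk of the port-80 path through the listed INPUT chain."""
    # Assumption: rule 1 is interface-restricted (e.g. loopback), so it is
    # skipped here for remote clients.
    if state in ("RELATED", "ESTABLISHED"):                  # rule 2
        return "ACCEPT"
    if state == "NEW" and recent.update(src, now, 60, 10):   # rule 3
        return "DROP"
    if state == "NEW" and recent.set(src, now):              # rule 4
        return "ACCEPT"
    return "ACCEPT"                                          # rule 7 / policy

def run(events):
    """Evaluate (time, source, conntrack state) events against a fresh list."""
    recent = RecentList()
    return [input_chain(recent, src, state, t) for t, src, state in events]

CLIENT = "198.51.100.7"  # constructed documentation address
# Constructed traffic: 12 separate connections, one per second
separate = [(t, CLIENT, "NEW") for t in range(12)]
# Constructed traffic: one connection reused for 50 keep-alive requests
reused = [(0, CLIENT, "NEW")] + [(t, CLIENT, "ESTABLISHED") for t in range(1, 51)]

if __name__ == "__main__":
    print(run(separate))
    print(set(run(reused)))
```

In this model the counter advances once per NEW connection, so ten separate connections are accepted and later ones are dropped, while requests sent over one reused connection are accepted by rule 2 and never reach the `recent` rules.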