Limit IP Connections Per Second via CSF Settings

sOliver
Junior Member
Posts: 10
Joined: 12 Apr 2008, 23:44

Post by sOliver »

Hi,

I was wondering if you could add some options to limit connections per IP per second to the CSF config screen.
Maybe even take a look at mod_limitipconn, which doesn't really work. Currently it is not possible to configure CSF to block simultaneous requests to a single site, e.g. google.com/site.html. Yes, I can use Connection track and enter port 80, but that's not very helpful and can be bypassed easily.

For example, I recently added

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 20 -j DROP

Image: http://i55.tinypic.com/x2jgxy.jpg

Now, I really don't know if this will even work, because people still make too many connections per second, so it would be great if you could add some configuration to make this easier for us.

Thanks and keep up the good work,
Oliver

chirpy
Moderator
Posts: 3537
Joined: 09 Dec 2006, 18:13

Re: Limit IP Connections Per Second via CSF Settings

Post by chirpy »

That is what the PORTFLOOD setting does.
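
To show how the two iptables rules posted above treat different clients, here is an added example (not part of either post, and not CSF or kernel code) that models the `recent` match in Python over constructed traffic. The class and function names, the slot count and the sample addresses are assumptions of the example.

```python
from collections import defaultdict, deque

SECONDS, HITCOUNT = 60, 20  # values from the posted rules
SLOTS = 32  # modelling assumption: stamps kept per source; any size >= HITCOUNT gives the same verdicts

class RecentTable:
    """Per-source timestamps, modelling the list kept by the 'recent' match."""
    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=SLOTS))

    def update_matches(self, src, now):
        """--update --seconds --hitcount: match when at least HITCOUNT stamps
        lie inside the window; a match also refreshes the entry."""
        hits = sum(1 for t in self.stamps.get(src, ()) if now - t <= SECONDS)
        if hits >= HITCOUNT:
            self.stamps[src].append(now)
            return True
        return False

    def set(self, src, now):
        """--set: record the source address; the rule has no target."""
        self.stamps[src].append(now)

def filter_new_connections(events):
    """events: (second, source_ip) per NEW packet to port 80, in time order.
    Returns (second, source_ip, verdict) tuples."""
    table, out = RecentTable(), []
    for now, src in events:
        # Both rules were added with -I, so --update/DROP is evaluated first.
        if table.update_matches(src, now):
            out.append((now, src, "DROP"))
        else:
            table.set(src, now)  # packet continues to the rest of INPUT
            out.append((now, src, "PASS"))
    return out

def count(results, src, verdict):
    return sum(1 for _, s, v in results if s == src and v == verdict)

# Constructed sample traffic (documentation addresses, not real logs).
BURST = [(0, "192.0.2.10")] * 25                      # 25 connections within one second
STEADY = [(t, "198.51.100.7") for t in range(120)]     # one per second for two minutes
SLOW = [(t, "203.0.113.5") for t in range(0, 120, 4)]  # one every four seconds

if __name__ == "__main__":
    results = filter_new_connections(sorted(BURST + STEADY + SLOW))
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, "passed:", count(results, ip, "PASS"), "dropped:", count(results, ip, "DROP"))
```

The burst source gets 20 connections through within a single second before the 21st is dropped, and the steady source stays blocked for as long as it keeps connecting, because every dropped packet refreshes its entry. In csf.conf, PORTFLOOD takes the same numbers as a `port;protocol;hit count;interval seconds` entry, here `80;tcp;20;60`.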