# rate-limit repeated new requests from same IP to any ports
iptables -I INPUT -i $ETH0ORSIMILAR -m state --state NEW -m recent --set
iptables -I INPUT -i $ETH0ORSIMILAR -m state --state NEW -m recent --update --seconds 60 --hitcount 12 -j DROP

With the settings above, I would drop any connection that repeatedly hits my server more than 12 times within 60 seconds.

Is it possible to have this in place for all ports but, let's say, port 8080?

Houman

2 Answers


You can simply modify your DROP rule to read:

iptables -I INPUT -i $ETH0ORSIMILAR -p tcp ! --dport 8080 -m state --state NEW -m recent --update --seconds 60 --hitcount 12 -j DROP

You need to add the options -p tcp ! --dport 8080 to match TCP traffic destined to any port except 8080. Note that this rule will not match other protocols like UDP.

Another possibility is to have an ACCEPT rule before these two rules for port 8080.

Khaled

As another solution, you could add an ACCEPT rule to your iptables rules before your DROP rule. It will accept all packets on port 8080 and rate-limit all other ports.

# rate-limit repeated new requests from the same IP (same two rules as in the question)
iptables -I INPUT -i $ETH0ORSIMILAR -m state --state NEW -m recent --set
iptables -I INPUT -i $ETH0ORSIMILAR -m state --state NEW -m recent --update --seconds 60 --hitcount 12 -j DROP
# -I prepends to the chain, so run the ACCEPT last to place it above the DROP rule;
# the tcp match needs -p tcp, otherwise iptables rejects the rule
iptables -I INPUT -i $ETH0ORSIMILAR -p tcp -m tcp --dport 8080 -j ACCEPT

This solution will allow you to open ports for access without rule modification.

Alexander Tolkachev
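To see what the rules in the question and in both answers actually do per source address, here is an added Python model of the `recent` match and of the resulting INPUT chain. It is not part of the question or either answer and does not call iptables; it follows the kernel's `xt_recent` logic in simplified form: `--set` records a timestamp for the source, `--update --seconds S --hitcount N` matches when at least N recorded stamps fall inside the last S seconds and, only on a match, records the current time as well. The addresses, ports and timestamps are constructed test data, and the `exempt_first` flag shows the difference between the ACCEPT rule sitting above the DROP rule (the intent of both answers) and sitting below it (what running the three `-I` commands in the order listed gives you, since each `-I` prepends).

```python
from collections import defaultdict

WINDOW_SECONDS = 60   # --seconds 60
HITCOUNT = 12         # --hitcount 12
EXEMPT_PORT = 8080    # port covered by the ACCEPT rule
MAX_STAMPS = 20       # xt_recent keeps at most ip_pkt_list_tot (default 20) stamps per address


class RecentTable:
    """Per-source timestamp list, modelling one `-m recent` table."""

    def __init__(self):
        self.stamps = defaultdict(list)

    def _append(self, src, now):
        stamps = self.stamps[src]
        stamps.append(now)
        if len(stamps) > MAX_STAMPS:   # the oldest stamp is overwritten
            del stamps[0]

    def set(self, src, now):
        """`--set`: record this packet unconditionally."""
        self._append(src, now)

    def update(self, src, now, seconds, hitcount):
        """`--update --seconds --hitcount`: True if src has >= hitcount stamps
        within the last `seconds`; on a match the current time is recorded too."""
        stamps = self.stamps.get(src)
        if not stamps:
            return False
        hits = sum(1 for t in stamps if now - t <= seconds)
        if hits >= hitcount:
            self._append(src, now)
            return True
        return False


def input_chain(table, src, dport, now, exempt_first=True):
    """Verdict for one NEW connection.

    exempt_first=True:  ACCEPT 8080, then the --update DROP rule, then --set.
    exempt_first=False: the ACCEPT ended up below the DROP rule, so port 8080
    is rate-limited like every other port.
    """
    if exempt_first and dport == EXEMPT_PORT:
        return "ACCEPT"
    if table.update(src, now, WINDOW_SECONDS, HITCOUNT):
        return "DROP"
    table.set(src, now)
    if not exempt_first and dport == EXEMPT_PORT:
        return "ACCEPT"
    return "CONTINUE"   # falls through to the rest of INPUT


def simulate(events, exempt_first=True):
    """events: list of (time_seconds, src, dport) in time order; returns the verdicts."""
    table = RecentTable()
    return [input_chain(table, src, dport, t, exempt_first) for t, src, dport in events]


# Constructed traffic: one source opens a new connection to port 22 every second.
SSH_BURST = [(t, "192.0.2.10", 22) for t in range(15)]
# The same source hits the exempt port mid-burst, an unrelated visitor arrives,
# and the first source comes back after the 60 s window has expired.
MIXED = ([(t, "192.0.2.10", 22) for t in range(13)]
         + [(12.5, "192.0.2.10", 8080),
            (13, "192.0.2.10", 22),
            (14, "198.51.100.7", 22),
            (100, "192.0.2.10", 22)])

if __name__ == "__main__":
    for (t, src, port), verdict in zip(MIXED, simulate(MIXED)):
        print(f"t={t:>5}  {src:>13}:{port:<5} {verdict}")
```

With the DROP rule checked before the `--set` rule, as the question's two `-I` commands leave the chain, the first 12 new connections inside the window pass and the 13th is dropped, which matches "more than 12 times within 60 seconds"; once dropping starts, each further attempt refreshes the stamps, so the source has to stay quiet for the full window. Running the same traffic with `exempt_first=False` shows the port 8080 connection being dropped too, which is why the order in which the `-I` commands are run matters.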