Hi, I finally opted for some iptables rules:
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m recent --name tftp --update --reap --seconds 5 -j ACCEPT
-A INPUT -m conntrack -m set --match-set tftp_hosts src -p udp --dport 69 --ctstate NEW -j REJECT
-A INPUT -m conntrack -m recent --name tftp --set -p udp --dport 69 --ctstate NEW -j SET --add-set tftp_hosts src

This will allow consecutive TFTP requests with a timeout of 5 seconds. If the host is already in the IP set, it is rejected.

-- Jimmy
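
A small first-match model of how the four rules above evaluate a packet timeline, added here as an illustration and not part of the original post. It assumes the tftp_hosts set was created without a timeout and does not model the chain policy, so a packet that hits no terminating rule is reported as CONTINUE; the names Firewall and replay and the sample addresses are constructed for the example.

```python
# Added illustration: ordered evaluation of the four INPUT rules from the post.
# Assumptions: ipset tftp_hosts has no timeout; chain policy is not modelled.
from dataclasses import dataclass, field

WINDOW = 5  # --seconds 5


@dataclass
class Firewall:
    recent: dict = field(default_factory=dict)    # xt_recent list "tftp": src -> last seen
    tftp_hosts: set = field(default_factory=set)  # ipset tftp_hosts

    def verdict(self, now, src, proto, dport, ctstate):
        # Rule 1: conntrack ESTABLISHED,RELATED -> ACCEPT
        if ctstate in ("ESTABLISHED", "RELATED"):
            return "ACCEPT"
        # Rule 2: recent --update --reap --seconds 5 -> ACCEPT.
        # It carries no protocol or port match, so it applies to any packet
        # from a listed source; a match refreshes the last-seen time.
        last = self.recent.get(src)
        if last is not None:
            if now - last <= WINDOW:
                self.recent[src] = now
                return "ACCEPT"
            del self.recent[src]  # --reap drops the stale entry
        new_tftp = proto == "udp" and dport == 69 and ctstate == "NEW"
        # Rule 3: NEW TFTP request from a source already in the set -> REJECT
        if new_tftp and src in self.tftp_hosts:
            return "REJECT"
        # Rule 4: recent --set plus the SET target; SET is non-terminating,
        # so the packet continues to whatever follows in the chain.
        if new_tftp:
            self.recent[src] = now
            self.tftp_hosts.add(src)
        return "CONTINUE"


def replay(packets):
    """Run (time, src, proto, dport, ctstate) tuples through a fresh firewall."""
    fw = Firewall()
    return [fw.verdict(*p) for p in packets]


# Constructed timeline (documentation addresses, times in seconds).
TIMELINE = [
    (0, "192.0.2.10", "udp", 69, "NEW"),    # first request: recorded, falls through
    (3, "192.0.2.10", "udp", 69, "NEW"),    # inside the window: rule 2 accepts
    (6, "192.0.2.10", "tcp", 22, "NEW"),    # rule 2 is not limited to TFTP
    (20, "192.0.2.10", "udp", 69, "NEW"),   # window expired, host in set: rejected
    (22, "198.51.100.7", "udp", 69, "NEW"), # different host: recorded, falls through
]

if __name__ == "__main__":
    for pkt, result in zip(TIMELINE, replay(TIMELINE)):
        print(pkt, "->", result)
```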