Munin traffic accounting with iptables

The munin plugin described in this article can be downloaded here: traffic_accounting. Remember that it must be made executable once it's copied in place.

Iptables Limits Connections Per IP - The Community's Center for Security

/sbin/iptables -A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above N -j REJECT --reject-with tcp-reset

Multiple-port knocking Netfilter/IPtables only implementation

There are several methods of implementing port knocking (the sophisticated project Knockd, for instance). Here we'll demonstrate a very simple means of achieving the port-knocking effect using nothing more than netfilter, or iptables, rules. You will need the iptables "recent" module compiled into your kernel or built as a module - we've previously introduced using it to rate-limit incoming connections.
