IPTables spam limiting question
Hi, I'm using IPTables to manage outgoing email connections from a wireless hotspot and have the following rules set up:
iptables -I FORWARD -p tcp --dport 25 -m state --state NEW -m recent --set
iptables -I FORWARD -p tcp --dport 25 -m state --state NEW -m recent --update --seconds 60 --hitcount 30 -j DROP
(I'm totally clueless about this, so apologies if I'm messing it up)
From what I understand, the first string adds any host who connects on port 25 to a table, and the second string restricts any hosts in the table that send 30 messages in 60 seconds.
The problem with this is, if a host spews a ton of spam (we're talking infected client laptops) upon initial connection, they won't be blocked, only if they initiate a second connection.
Is there a string I can use that would add ALL hosts to the match table, so that the DROP rule would be applied to every connection on port 25?
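The following is an added example, not code from the post above. It simulates the two FORWARD rules with the `recent` match semantics from the iptables-extensions man page (`--set` records a timestamp for the source and always matches; `--update --seconds 60 --hitcount 30` matches only when the source is already listed with at least 30 timestamps inside the last 60 seconds, and refreshes the entry on a match). Because both rules were added with `-I`, the DROP rule sits above the `--set` rule, and the simulation evaluates them in that order; it also lets you flip to `-A` order to see that the ordering changes which connection is the first one dropped. Each event is one NEW TCP connection to port 25, which is what `-m state --state NEW` counts. The IP addresses and timings are constructed, the per-entry timestamp buffer size of 255 assumes a modern kernel (older kernels default to 20 via the `ip_pkt_list_tot` module parameter and reject a larger `--hitcount`), and a default ACCEPT for unmatched traffic is assumed.

```python
"""Simulation of the two 'recent' rules from the post (added example).

Models the xt_recent semantics as documented for iptables:
  --set                              add the source to the list and record a
                                     timestamp; the rule always matches
  --update --seconds S --hitcount N  match only if the source is listed and at
                                     least N timestamps fall within the last S
                                     seconds; a match records a fresh timestamp,
                                     so a host that keeps retrying stays blocked
Both rules in the post use -I (insert at top of FORWARD), so the DROP rule
is evaluated BEFORE the --set rule.
"""
from collections import deque

WINDOW_SECONDS = 60      # --seconds 60
HITCOUNT = 30            # --hitcount 30
STAMPS_PER_ENTRY = 255   # assumption: modern kernel; older kernels default
                         # to 20 (module parameter ip_pkt_list_tot)


class RecentList:
    """One xt_recent table: source address -> ring buffer of timestamps."""

    def __init__(self, max_stamps=STAMPS_PER_ENTRY):
        self.max_stamps = max_stamps
        self.entries = {}

    def set(self, src, now):
        """--set: create/refresh the entry and record a hit. Always matches."""
        self.entries.setdefault(src, deque(maxlen=self.max_stamps)).append(now)
        return True

    def update(self, src, now, seconds, hitcount):
        """--update --seconds --hitcount: match when enough recent hits exist."""
        stamps = self.entries.get(src)
        if stamps is None:
            return False
        hits = sum(1 for t in stamps if now - t <= seconds)
        if hits >= hitcount:
            stamps.append(now)   # --update refreshes the entry on a match
            return True
        return False


def rule_loads(hitcount=HITCOUNT, max_stamps=STAMPS_PER_ENTRY):
    """The kernel rejects a --hitcount larger than the per-entry buffer."""
    return hitcount <= max_stamps


def build_chain(recent, inserted_with_I=True):
    """Return the FORWARD rules in evaluation order as (match, target) pairs."""
    set_rule = (lambda src, now: recent.set(src, now), None)   # no -j target
    drop_rule = (lambda src, now: recent.update(src, now, WINDOW_SECONDS, HITCOUNT),
                 "DROP")
    # 'iptables -I' puts each rule at the top, so the second command runs first.
    return [drop_rule, set_rule] if inserted_with_I else [set_rule, drop_rule]


def forward(chain, src, now):
    """Walk the chain; the first matching rule with a target decides."""
    for match, target in chain:
        if match(src, now) and target is not None:
            return target
    return "ACCEPT"   # assumption: nothing later drops port-25 traffic


def simulate(connections, inserted_with_I=True):
    """connections: iterable of (time_in_seconds, source_ip) -> list of verdicts."""
    recent = RecentList()
    chain = build_chain(recent, inserted_with_I)
    return [forward(chain, src, t) for t, src in connections]


def demo():
    """Constructed traffic: an infected laptop opens one SMTP connection per
    second for 40 s, retries at t=61 and t=120; a normal client opens three."""
    laptop, client = "10.0.0.7", "10.0.0.8"     # constructed addresses
    conns = [(t, laptop) for t in range(40)]
    conns += [(5, client), (20, client), (35, client)]
    conns += [(61, laptop), (120, laptop)]
    conns.sort(key=lambda c: c[0])
    verdicts = simulate(conns)
    return {(t, src): v for (t, src), v in zip(conns, verdicts)}


if __name__ == "__main__":
    for (t, src), verdict in sorted(demo().items()):
        print(f"t={t:3d}s  {src}  -> {verdict}")
```

With the `-I` ordering the laptop's first 30 connections pass and the 31st onward are dropped; because each dropped attempt refreshes the entry, the retry at t=61 is still dropped, while the one at t=120, after a quiet minute, is accepted. With `-A` ordering the `--set` runs first, so the 30th connection is already the first one dropped. On a live box the current table, including per-source hit counts, can be read from `/proc/net/xt_recent/DEFAULT`.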