How to handle large numbers of connections from an IP address?
Solution 1:
maybe something like this will help. it will block any hosts, that open more than 150 connections within 2 minutes (180 seconds):
iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 180 --hitcount 150 -j REJECT
you have to tune the script, so that normal users will never get blocked