Issue
I found an interesting concept which is to block a user¹ when they attempt to open too many TCP connections within one minute.
This comes down to a couple of rules:
iptables -A INPUT -p tcp \
    -m recent --update --name synflood --seconds 60 --hitcount 100 \
    -m tcp --syn -j add_to_denylist
iptables -A INPUT -p tcp \
    -m recent --set --name synflood -m tcp --syn
The second rule says to add an entry for the source IP in a table named synflood if the user is attempting to connect using the TCP protocol.
The first rule checks whether the same IP ...
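To see what the pair of rules does to a stream of SYNs, here is an added example (not from the question or from iptables itself) that models the xt_recent semantics in Python: `--update --seconds 60 --hitcount 100` matches an address that already has at least 100 recorded hits inside the last 60 seconds, and `--set` records a hit for every SYN that reaches the second rule. The chain name `add_to_denylist`, the source address and the packet timings are constructed for the demonstration.

```python
from collections import deque
from dataclasses import dataclass, field

WINDOW_SECONDS = 60.0   # --seconds 60
HITCOUNT = 100          # --hitcount 100


@dataclass
class RecentTable:
    """Simplified model of one xt_recent list (--name synflood): source IP -> hit timestamps."""
    window: float = WINDOW_SECONDS
    hitcount: int = HITCOUNT
    entries: dict = field(default_factory=dict)

    def _drop_old(self, stamps, now):
        # Only hits inside the window count towards --hitcount.
        while stamps and now - stamps[0] > self.window:
            stamps.popleft()

    def update(self, ip, now):
        """--update --hitcount N: match only if the IP is already listed with >= N hits
        in the window; a match also records the current hit."""
        stamps = self.entries.get(ip)
        if stamps is None:
            return False
        self._drop_old(stamps, now)
        if len(stamps) >= self.hitcount:
            stamps.append(now)
            return True
        return False

    def set(self, ip, now):
        """--set: add the IP if absent and record the current hit (always matches)."""
        stamps = self.entries.setdefault(ip, deque())
        self._drop_old(stamps, now)
        stamps.append(now)
        return True


def filter_syn(table, denylist, ip, now):
    """Apply the two rules in order to one SYN and return the verdict."""
    if table.update(ip, now):        # rule 1: -j add_to_denylist (hypothetical chain)
        denylist.add(ip)
        return "add_to_denylist"
    table.set(ip, now)               # rule 2: record the hit; packet continues down INPUT
    return "continue"


def first_denied_index(syn_times, ip="198.51.100.7"):
    """Feed constructed SYN arrival times (seconds) from one source; return the index
    of the first SYN that is sent to add_to_denylist, or None if none is."""
    table, denylist = RecentTable(), set()
    for i, t in enumerate(syn_times):
        if filter_syn(table, denylist, ip, t) == "add_to_denylist":
            return i
    return None
```

A burst of 100 SYNs within the window is still allowed through; it is the 101st that trips the rule, while one SYN per second never accumulates 100 hits in 60 seconds and is never denied.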