# Limit ACCEPTs for ipt_recent table $TAG to 6 per 60 seconds and IP.
# The limit doesn't apply to IPs in the WHITELIST table.
#
# by Juergen Kreileder <jk@blackdown.de>
# http://blog.blackdown.de/2005/02/18/mitigating-ssh-brute-force-attacks-with-ipt_recent/
#
# Changelog:
# 2005-08-30: use fatal_error instead of exit 

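# Guard: the action needs a tag, which serves both as the ipt_recent table name
# and as the log tag. Abort compilation (fatal_error) rather than emit rules
# against an empty table name.
[ -n "$TAG" ] || fatal_error "TAG not set"

# Bypass the limit for sources present in the WHITELIST table.
# Caveats a deployer should know:
#   * --seconds 60 bounds the check: an entry is honoured only if it was set or
#     refreshed within the last 60 s, not indefinitely.
#   * --rttl additionally requires the packet's TTL to equal the TTL recorded
#     with the entry, which hampers spoofed-source abuse of a whitelisted address.
#   * Nothing in this file populates WHITELIST; it must be filled elsewhere.
run_iptables -A "$CHAIN" -m recent \
    --rcheck --seconds 60 --rttl --name WHITELIST -j ACCEPT

# Decide once where over-limit packets go, so the rate-limit rule below is
# written a single time instead of duplicated per branch. With a log level,
# over-limit packets enter a per-action sub-chain (Shorewall's %CHAIN
# convention) that logs -- rate-limited by $LOG_LIMIT, tagged with $TAG --
# and then drops.
if [ -n "$LEVEL" ]; then
    limit_over_target="%$CHAIN"
    run_iptables -N "$limit_over_target"
    log_rule_limit "$LEVEL" "$limit_over_target" Limit DROP "$LOG_LIMIT" "$TAG"
    run_iptables -A "$limit_over_target" -j DROP
else
    limit_over_target=DROP
fi

# Over-limit test. --update refreshes the source's entry only when the rule
# matches, and the rule matches once the entry already holds 6 timestamps
# within the last 60 s -- consistent with the header: 6 accepts per window,
# dropped thereafter. --rttl ignores packets whose TTL differs from the one
# recorded for the entry (spoofed packets cannot easily trip the limit for
# someone else's address).
# NOTE(review): ipt_recent tables are bounded (module parameter ip_list_tot;
# historically a small default) and evict the least recently seen source, so a
# flood from many source addresses can push a tracked attacker out of the
# table -- confirm the module parameters on the deployment host.
run_iptables -A "$CHAIN" -m recent \
    --update --seconds 60 --hitcount 6 --rttl --name "$TAG" -j "$limit_over_target"

# Under the limit: record this packet for the source (creating the entry on
# first sight) and accept it.
run_iptables -A "$CHAIN" -m recent --set --name "$TAG" -j ACCEPT

# Scratch variable only; clear it so it does not leak into the sourcing shell.
unset limit_over_target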
