Extended Critera


state: Stateful Inspection
Uses Netfilter's Connection Tracking system
Classifies packets into 4 categories
NEW: Packets establishing new sessions.
ESTABLISHED: Packets which are part of an open connection
RELATED: Packets which are related to an open connection
INVALID: Everything else

iptables -a INPUT -i ppp0 \ 
        -m state --state ESTABLISHED,RELATED \ 
        -j ACCEPT

limit: Rate Limiting
control maximum match rate

iptables -a INPUT -p tcp -i ppp0 --dport 23 \ 
        -m state --state NEW \ 
        -m limit --limit-avg 1/minute --limit-burst 10 \ 
        -j ACCEPT