Simple router
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Check help of hashlimit module
iptables -m hashlimit --help
Allow only from localhost with unlimit, anyone else 3 connections per minute
iptables -F INPUT iptables -I INPUT -m tcp -p tcp --dport 22 -m state --state NEW -j REJECT iptables -I INPUT -m tcp -p tcp --src 127.0.0.0/8 --dport 22 -m state --state NEW -j ACCEPT iptables -I INPUT -m hashlimit -m tcp -p tcp --dport 22 --hashlimit 3/min --hashlimit-mode srcip --hashlimit-name ssh -m state --state NEW -j ACCEPT
Check stats
cat /proc/net/ipt_hashlimit/ssh