当你知道是哪一台机器受到攻击:
access−list 103 deny tcp any host 10.0.0.1 established
!−− Let established sessions run fine
access−list 103 permit tcp any host 10.0.0.1
!−− We are just going to rate limit the initial tcp SYN packet, !−− as the other packets in interface
rate−limit input access−group 103 8000 8000 8000 conform−action transmit exceed−action drop
当你不知道哪一台机器或者几台受到攻击
access−list 104 deny tcp any any established
!−− Let established sessions run fine
access−list 104 permit tcp any any
!−− We are just going to rate limit the initial tcp SYN packet, as the other packets !−− in interface
rate−limit input access−group 104 64000 8000 8000 conform−action transmit
exceed−action drop