accept-6localhost-traffic () {
	${IP6TABLES} -A dtc-dos-in -i lo -j ACCEPT
}

limit-6ssh-login-rate () {
        if [ -z "${SSH_LOGIN_RATE}" ] ; then
                SSH_LOGIN_RATE=3
        fi
        if [ -z "${SSH_LOGIN_TIME}" ] ; then
                SSH_LOGIN_TIME=7200
        fi
        # Anti DoS SSH : deny ssh for 300 seconds after 10 attempts
        # This can't be too high because of the use of scp
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 22 -i ${INTERFACE} -m state --state NEW -m recent --set
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 22 -i ${INTERFACE} -m state --state NEW -m recent --update --seconds ${SSH_LOGIN_TIME} --hitcount ${SSH_LOGIN_RATE} -j REJECT
}
limit-6smtp-connection-rate () {
        if [ -z "${SMTP_RATE}" ] ; then
                SMTP_RATE=8
        fi
        if [ -z "${SMTP_TIME}" ] ; then
                SMTP_TIME=1
        fi
        # max-rate to 15 connections per seconds
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 25 -i ${INTERFACE} -m state --state NEW -m recent --set
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 25 -i ${INTERFACE} -m state --state NEW -m recent --update --seconds ${SMTP_TIME} --hitcount ${SMTP_RATE} -j REJECT
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 587 -i ${INTERFACE} -m state --state NEW -m recent --set
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 587 -i ${INTERFACE} -m state --state NEW -m recent --update --seconds ${SMTP_TIME} --hitcount ${SMTP_RATE} -j REJECT
}
limit-6http-connection-rate () {
        if [ -z "${HTTP_RATE}" ] ; then
                HTTP_RATE=20
        fi
        if [ -z "${HTTP_TIME}" ] ; then
                HTTP_TIME=1
        fi
        # max-rate to 20 connections per seconds
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 80 -i ${INTERFACE} -m state --state NEW -m recent --set
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 80 -i ${INTERFACE} -m state --state NEW -m recent --update --seconds ${HTTP_TIME} --hitcount ${HTTP_RATE} -j REJECT
}
limit-6pop-and-imap-connection-rate () {
        if [ -z "${POP_RATE}" ] ; then
                POP_RATE=5
        fi
        if [ -z "${POP_TIME}" ] ; then
                POP_TIME=1
        fi
        # max-rate to 10 connections per seconds
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 110 -i ${INTERFACE} -m state --state NEW -m recent --set
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 110 -i ${INTERFACE} -m state --state NEW -m recent --update --seconds ${POP_TIME} --hitcount ${POP_RATE} -j REJECT
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 995 -i ${INTERFACE} -m state --state NEW -m recent --set
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 995 -i ${INTERFACE} -m state --state NEW -m recent --update --seconds ${POP_TIME} --hitcount ${POP_RATE} -j REJECT
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 143 -i ${INTERFACE} -m state --state NEW -m recent --set
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 143 -i ${INTERFACE} -m state --state NEW -m recent --update --seconds ${POP_TIME} --hitcount ${POP_RATE} -j REJECT
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 993 -i ${INTERFACE} -m state --state NEW -m recent --set
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 993 -i ${INTERFACE} -m state --state NEW -m recent --update --seconds ${POP_TIME} --hitcount ${POP_RATE} -j REJECT

}
limit-6ftp-connection-rate () {
        if [ -z "${FTP_RATE}" ] ; then
                FTP_RATE=5
        fi
        if [ -z "${FTP_TIME}" ] ; then
                FTP_TIME=1
        fi
        # max-rate to 5 connections per seconds for both ftp and ftp-data
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 20 -i ${INTERFACE} -m state --state NEW -m recent --set
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 20 -i ${INTERFACE} -m state --state NEW -m recent --update --seconds ${FTP_TIME} --hitcount ${FTP_RATE} -j REJECT
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 21 -i ${INTERFACE} -m state --state NEW -m recent --set
        ${IP6TABLES} -A ${DOS_IP6_IN_CHAIN} -p tcp --dport 21 -i ${INTERFACE} -m state --state NEW -m recent --update --seconds ${FTP_TIME} --hitcount ${FTP_RATE} -j REJECT
}
