Take a look at this option with the others hinted in the previous replies, quoted directly from the man page: max-src-conn-rate _number_ / _seconds_ Limit the rate of new connections over a time interval. The con- nection rate is an approximation calculated as a moving average.