Veja o que você pode fazer:
iptables -A INPUT -p udp -s 111.111.111.111 --dport 123 -m limit --limit 25/minute --limit-burst 100 -j ACCEPT
Você precisa ter a extensão limit do iptables. O exemplo fornecido limita o máximo de 25 conexões por minuto.
O limit-burst 100
indica que o limite / minuto será aplicado somente depois que o número total de conexões atingir o limite de burst.
Do manual:
-s, --source address[/mask][,...]
Source specification. Address can be either a network name, a hostname, a network IP address (with /mask), or a plain IP
address. Hostnames will be resolved once only, before the rule is submitted to the kernel. Please note that specifying any
name to be resolved with a remote query such as DNS is a really bad idea. The mask can be either an ipv4 network mask (for
iptables) or a plain number, specifying the number of 1's at the left side of the network mask. Thus, an iptables mask of 24
is equivalent to 255.255.255.0. A "!" argument before the address specification inverts the sense of the address. The flag
--src is an alias for this option. Multiple addresses can be specified, but this will expand to multiple rules (when adding
with -A), or will cause multiple rules to be deleted (with -D).