connlimit and hashlimit are better than recent for this particular job. I too limit connections to one, and one per 5 minutes. Should remotes violate that, they get two warnings (ICMP admin-prohibited), and if they're too eager, they fall into my TCP TARPIT.