Re: Limit number of simultaneous TCP connections per IP

To: debian-firewall@lists.debian.org
Subject: Re: Limit number of simultaneous TCP connections per IP
From: Koba <koba@grupocom.com.ar>
Date: Sun, 08 Jun 2003 07:36:59 -0300
Message-id: <[🔎] oprqf2fxwdcyxqgb@mail.grupocom.com.ar>
In-reply-to: <[🔎] Pine.LNX.4.56.0306071502590.23637@papael.stech.psi.br>
References: <[🔎] Pine.LNX.4.56.0306071502590.23637@papael.stech.psi.br>

On Sat, 7 Jun 2003 15:10:55 -0300 (BRT), Alvaro Reguly <debian@reguly.net>wrote:


Hello, I want to limit the maximum number of simultaneous TCP
connections per IP number, say I don't want people flashgeting
stuff from my webserver with 50 threads or something.

I am using a per minute limit, but as a matter of fact, I would like
to limit people from download stuff at all times, not just that 60/minute
interval.

How do I do that? Theses lines are ok? won't they limit simultaneous
connections from all IPs at the same time? Did I make myself clear? :)

$IPT -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit60/minute --limit-burst 6 -j ACCEPT

$IPT -A INPUT -p tcp -j REJECT --reject-with tcp-reset

Thanks


Yes, they are limiting everyone.

There is a patch in patch-o-matic (netfilter sources) that does exactlywhat you are needing.


Good Luck,
Koba

Reply to:

References:
- Limit number of simultaneous TCP connections per IP
  - From: Alvaro Reguly <debian@reguly.net>

Prev by Date: Limit number of simultaneous TCP connections per IP
Next by Date: IP aliasing problems.
Previous by thread: Limit number of simultaneous TCP connections per IP
Next by thread: IP aliasing problems.
Index(es):
- Date
- Thread