Class Based Selection
Daniel F. Advanced UNIX Hosting Admin -
danielf@supportteam.net
Tue, 8 Jan 2002 10:07:39 -0600
Sorry for being so late on this. :)
And if it has already been answered, I did not see it. :)
From what I understand, if you do this:
iptables -I FORWARD -s 192.168.10.0/24 -p tcp --dport 1214 -m iplimit
--iplimit-above 4 -j REJECT
you are limiting the whole class C to 4, not each IP in the class C to 4.
I hope that made sense.
Thanks
On Friday 04 January 2002 12:53 am, Peter Frischknecht wrote:
> Maybe this has already been covered, but I could not find it in the
> archives.
>
> What if I want to specify an action based on a class, instead of a
> single IP address?
>
> Real life Scenario:
> (forget throttle for now, that is already taken care of)
>
> I want to limit the number of connections any single user can have
> to/from a specific port. Let's use 1214 (morpheus).
> This works:
> iptables -I FORWARD -s 192.168.10.10 -p tcp --dport 1214 -m iplimit
> --iplimit-above 4 -j REJECT
>
> Now... I would like ALL of my users to have the same rule imposed,
> without having to create a single entry for each IP address.
>
> Can it be done? I don't want:
> iptables -I FORWARD -s 192.168.10.0/24 -p tcp --dport 1214 -m iplimit
> --iplimit-above 4 -j REJECT
>
> It would simply keep the entire site limited to 4 connections.
> Whatever the command is, it would be the same as:
> iptables -I FORWARD -s 192.168.10.10 -p tcp --dport 1214 -m iplimit
> --iplimit-above 4 -j REJECT
> iptables -I FORWARD -s 192.168.10.11 -p tcp --dport 1214 -m iplimit
> --iplimit-above 4 -j REJECT
> iptables -I FORWARD -s 192.168.10.12 -p tcp --dport 1214 -m iplimit
> --iplimit-above 4 -j REJECT
> iptables -I FORWARD -s 192.168.10.13 -p tcp --dport 1214 -m iplimit
> --iplimit-above 4 -j REJECT
> iptables -I FORWARD -s 192.168.10.14 -p tcp --dport 1214 -m iplimit
> --iplimit-above 4 -j REJECT
> ...
>
> Your reply would be greatly appreciated.
>
> Peter Frischknecht
> Empowering Solutions, Inc.
--
Chief Security Engineer | Daniel Fairchild danielf@supportteam.net
To rate my service or provide feedback, please visit the following URL:
http://www.supportteam.net/rate.php3
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
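Added example for this thread (editor's code, not from either poster): on a current kernel the out-of-tree iplimit match has been replaced by the in-tree connlimit match, where the grouping of the connection count is chosen with --connlimit-mask: 32 counts per source host (one rule for the whole /24 does what Peter wanted), 24 counts the whole class C as one group (the behaviour Daniel describes). The script only builds and applies that one rule; it assumes the legacy iptables front end is in PATH, uses --syn so that only new connection attempts are refused while existing flows are left alone, and with DRY_RUN set just prints the command instead of running it. The --reject-with tcp-reset and the -C check before -I (idempotent insert) are my additions, not something from the original posts.

```shell
#!/bin/sh
# Added example, not from the original thread. Caps TCP connections to one
# destination port per source host or per source subnet, depending on the
# mask handed to connlimit (the in-tree successor of the iplimit match).

# rule_body SUBNET PORT LIMIT MASKBITS
# Prints the rule text after the chain verb, so the same string serves
# for -C (check), -I (insert) and -D (delete).
rule_body() {
    subnet=$1 port=$2 limit=$3 maskbits=$4
    printf '%s' "FORWARD -s $subnet -p tcp --syn --dport $port -m connlimit --connlimit-above $limit --connlimit-mask $maskbits -j REJECT --reject-with tcp-reset"
}

# Mask 32: the limit is counted for every single source address.
# One rule covering 192.168.10.0/24 then behaves like one rule per host.
per_host_rule() { rule_body "$1" "$2" "$3" 32; }

# Mask 24: all hosts in the /24 share one counter, i.e. the whole
# site together is held to LIMIT connections.
per_subnet_rule() { rule_body "$1" "$2" "$3" 24; }

# apply_rule BODY: insert only if the identical rule is not already present.
# With DRY_RUN set, print the command instead of touching the kernel.
apply_rule() {
    body=$1
    if [ -n "$DRY_RUN" ]; then
        echo "iptables -I $body"
        return 0
    fi
    # Word-splitting of $body into separate arguments is intended here.
    # shellcheck disable=SC2086
    iptables -C $body 2>/dev/null || iptables -I $body
}

# Usage: DRY_RUN=1 sh limit.sh 192.168.10.0/24 1214 4
if [ "$#" -eq 3 ]; then
    apply_rule "$(per_host_rule "$1" "$2" "$3")"
fi
```

Run it once without DRY_RUN and the check/insert pair keeps it from stacking duplicate rules on every invocation; to release the limit, delete with the same body (`iptables -D $(per_host_rule ...)`). Since -I puts the rule at the top of FORWARD, it takes effect before any later ACCEPT rules for the same traffic.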