Limit

Damon Gray dgray at internap.com
Fri Aug 26 23:24:42 CEST 2005


There is a way with connlimit to limit from all IPs: add a --connlimit-mask 0


On Fri, 26 Aug 2005, Daniel Lopes wrote:

> Taylor, Grant wrote:
>> Take a look at the connlimit match extension.
>> 
>> iptables -t filter -A INPUT -i ${WAN} -d ${WANIPAddress} -p tcp --dport 3333 -m connlimit --connlimit-above 10 -j DROP
>> 
>> 
>> 
>> Grant. . . .
>> 
>> Lyubomir Louisov wrote:
>> 
>>> So how can I limit the number of connections on port 3333 to no more than
>>> 10 at a time with iptables?
>>> Is it possible?
>> 
>> 
>> 
>> 
> I first thought about the same thing. But that will allow more than 10 
> connections in total. It will allow only 10 connections per IP but afaik in 
> total it can then be a lot more than 10 depending on the IPs connecting. Don't 
> know how you can limit it to 10 connections in total but there must be a way 
> with so many options being available for iptables ;). Please correct me if I 
> am wrong.
>
>
>
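
The per-IP versus total behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how connlimit counts connections per masked source address. The helper names and the sample client addresses are constructed for illustration; it assumes the IPv4 default mask of 32 and that no connection closes during the run.

```python
import ipaddress
from collections import Counter

def bucket(src_ip, mask_bits):
    """Counting key: the source address with only the first mask_bits bits kept."""
    net = ipaddress.ip_network(f"{src_ip}/{mask_bits}", strict=False)
    return net.network_address

def simulate(sources, above, mask_bits):
    """Return one verdict per new connection, in arrival order.

    Simplified model (assumption): connections never close, and a new
    connection is dropped when accepting it would push the count for its
    bucket above `above`, mirroring '--connlimit-above N -j DROP'.
    """
    open_conns = Counter()
    verdicts = []
    for src in sources:
        key = bucket(src, mask_bits)
        if open_conns[key] + 1 > above:
            verdicts.append("DROP")
        else:
            open_conns[key] += 1
            verdicts.append("ACCEPT")
    return verdicts

# Constructed sample: three clients (documentation address ranges),
# eight connection attempts each, interleaved.
CLIENTS = ["192.0.2.10", "198.51.100.20", "203.0.113.30"]
ATTEMPTS = [ip for _ in range(8) for ip in CLIENTS]

def accepted(mask_bits, above=10):
    """Number of attempts accepted for a given --connlimit-mask value."""
    return simulate(ATTEMPTS, above, mask_bits).count("ACCEPT")

if __name__ == "__main__":
    # Mask 32: every client has its own bucket, so all 24 attempts pass.
    print("mask 32 (per-IP):", accepted(32), "of", len(ATTEMPTS), "accepted")
    # Mask 0: every source collapses to 0.0.0.0, so the limit is global.
    print("mask 0  (global):", accepted(0), "of", len(ATTEMPTS), "accepted")
```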


