Sat, Jan 29, 2005 at 02:39:17PM +0200, unisol wrote about "[uanog] linux iptables: limit number of TCP connections":
PA> I need to somehow limit the number of incoming tcp connections
PA> to a given port - how can this be done with iptables?
PA> 2.4.20-021stab022.1.777-smp #1 SMP Sat Jun 26 16:57:13 MSD 2004 i686 i686 i386 GNU/Linux
PA> iptables v1.2.8
take it from patch-o-matic
The base/iplimit patch:
Author: Gerd Knorr
Status: ItWorksForMe[tm]
This adds the CONFIG_IP_NF_MATCH_IPLIMIT match, which allows you to restrict the
number of parallel TCP connections to a server per client IP address
(or address block).
Examples (each rule is appended to the INPUT chain so it can be run as-is):

# allow 2 telnet connections per client host
iptables -A INPUT -p tcp --syn --dport 23 -m iplimit --iplimit-above 2 -j REJECT

# you can also match the other way around:
iptables -A INPUT -p tcp --syn --dport 23 -m iplimit ! --iplimit-above 2 -j ACCEPT

# limit the nr of parallel http requests to 16 per class C sized
# network (24 bit netmask)
iptables -A INPUT -p tcp --syn --dport 80 -m iplimit --iplimit-above 16 --iplimit-mask 24 -j REJECT
CU!
--
//ShaD0w
===================================================================
uanog mailing list.
To Unsubscribe: send mail to majordomo@uanog.kiev.ua
with "unsubscribe uanog" in the body of the message
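The following is an added example, not part of the mailing-list post or of the patch-o-matic iplimit code. It models the decision the iplimit match makes for the two REJECT rules quoted above: for each new SYN, count the connections to the same destination port that come from the same source address (or, with --iplimit-mask 24, from the same /24 block), and reject when admitting this one would push the count above the limit. The connection list and addresses are constructed sample data; the rule table and the "existing + 1 > limit" comparison are my reading of the match semantics, which is also how the in-tree successor of this patch (the connlimit match) behaves.

```python
import ipaddress

# Constructed sample of connections already tracked: (source IP, destination port).
SAMPLE_CONNECTIONS = [
    ("198.51.100.10", 23),
    ("198.51.100.10", 23),
    ("198.51.100.11", 23),
    ("198.51.100.12", 80),
    ("198.51.100.13", 80),
    ("203.0.113.7", 80),
]

# The two REJECT rules from the post as (dport, limit, mask bits).
# A mask of 32 means "per client host"; 24 groups clients by class C block.
RULES = [
    (23, 2, 32),
    (80, 16, 24),
]


def source_block(src_ip, mask_bits):
    """Address block the source falls into under --iplimit-mask <bits>."""
    return ipaddress.ip_network(f"{src_ip}/{mask_bits}", strict=False)


def connections_from(connections, src_ip, dport, mask_bits=32):
    """Count tracked connections to dport whose source is in src_ip's block."""
    block = source_block(src_ip, mask_bits)
    return sum(
        1 for ip, port in connections
        if port == dport and ipaddress.ip_address(ip) in block
    )


def iplimit_above(connections, src_ip, dport, limit, mask_bits=32):
    """Model of '-m iplimit --iplimit-above <limit> [--iplimit-mask <bits>]'.

    The SYN being evaluated counts as one more connection, so the match fires
    when existing + 1 exceeds the limit (assumption: this mirrors the real match).
    """
    return connections_from(connections, src_ip, dport, mask_bits) + 1 > limit


def decide_syn(connections, src_ip, dport, rules=RULES):
    """Walk the REJECT rules in chain order; first match wins, else ACCEPT."""
    for rule_port, limit, mask_bits in rules:
        if dport == rule_port and iplimit_above(connections, src_ip, dport, limit, mask_bits):
            return "REJECT"
    return "ACCEPT"


if __name__ == "__main__":
    # Third telnet connection from the same host: over the per-host limit of 2.
    print("198.51.100.10 -> 23:", decide_syn(SAMPLE_CONNECTIONS, "198.51.100.10", 23))
    # Second telnet connection from a different host: still within the limit.
    print("198.51.100.11 -> 23:", decide_syn(SAMPLE_CONNECTIONS, "198.51.100.11", 23))
    # HTTP from a new host in 198.51.100.0/24: block has 2 connections, limit 16.
    print("198.51.100.99 -> 80:", decide_syn(SAMPLE_CONNECTIONS, "198.51.100.99", 80))
```

Note that the counting is only reached for packets that match --syn, which is why the rules in the post carry that flag: packets of already-established connections are never re-evaluated against the limit, so a host that is over the limit keeps its existing sessions and only its new connection attempts are refused.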