[Last Call] Learn about multicloud storage options and how to improve your company's cloud strategy. Register Now

x
?
Solved

iptables limit connection per ip correct way ?

Posted on 2016-08-29
2
1 solution
Medium Priority
?
470 Views
Last Modified: 2016-11-20
i have set some rules in ip tables as example i added 

iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 4 --connlimit-mask 32 -j REJECT --reject-with tcp-reset

Open in new window


and thats how my iptables looks like 

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             tcp dpt:20000 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 2 reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere             tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 2 reject-with tcp-reset

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Open in new window



but there is always ips by-pass the limit and they go up to 400 connection per ip

what is the correct way to limit the connection per ip ?

i am running Ubuntu 15.04 server
0
Comment
Question by:dolphin King
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Join The Community
2 Comments
 
LVL 37

Accepted Solution

by:
bbao earned 2000 total points
ID: 41776606
not sure if your Linux distribution supports "--iplimit-mask n" option which sets the number of bits n of IP addresses that will be masked off? if n is 32, then it should be per IP based control.
0
 

Author Comment

by:dolphin King
ID: 41777138
its support the iplimit mask normally i couldn't connect with more than 3 times the third time i got disconnect but there is some ips couldnt response to this connection limit
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

See our Offerings
Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Top 5 Challenges Faced by MSPs in 2014
Article by: Geraldine
​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
It’s time to kill the password
Article by: Teksquisite
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
PRTG Quick Overview (07:27)
Video by: Kimberley
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Video by: Jerome
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Advertise Here
Suggested Courses

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Advertise Here