iptables limit connection per ip correct way ?

dolphin King
dolphin King used Ask the Experts™
on
i have set some rules in ip tables as example i added 

iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 4 --connlimit-mask 32 -j REJECT --reject-with tcp-reset

Open in new window


and thats how my iptables looks like 

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             tcp dpt:20000 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 2 reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere             tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 2 reject-with tcp-reset

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Open in new window



but there is always ips by-pass the limit and they go up to 400 connection per ip

what is the correct way to limit the connection per ip ?

i am running Ubuntu 15.04 server
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
View Solution Only
IT Consultant
Commented:
not sure if your Linux distribution supports "--iplimit-mask n" option which sets the number of bits n of IP addresses that will be masked off? if n is 32, then it should be per IP based control.
dolphin King

Author

Commented:
its support the iplimit mask normally i couldn't connect with more than 3 times the third time i got disconnect but there is some ips couldnt response to this connection limit

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial