Solved

iptables limit connection per ip correct way ?

Posted on 2016-08-29
2
299 Views
Last Modified: 2016-11-20
i have set some rules in ip tables as example i added

iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 4 --connlimit-mask 32 -j REJECT --reject-with tcp-reset

Open in new window


and thats how my iptables looks like

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             tcp dpt:20000 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 2 reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere             tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 2 reject-with tcp-reset

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Open in new window



but there is always ips by-pass the limit and they go up to 400 connection per ip

what is the correct way to limit the connection per ip ?

i am running Ubuntu 15.04 server
0
Comment
Question by:dolphin King
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 37

Accepted Solution

by:
bbao earned 500 total points
ID: 41776606
not sure if your Linux distribution supports "--iplimit-mask n" option which sets the number of bits n of IP addresses that will be masked off? if n is 32, then it should be per IP based control.
0
 

Author Comment

by:dolphin King
ID: 41777138
its support the iplimit mask normally i couldn't connect with more than 3 times the third time i got disconnect but there is some ips couldnt response to this connection limit
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can use conditional statements using Python.
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question