Solved

iptables limit connection per ip correct way ?

Posted on 2016-08-29
2
96 Views
Last Modified: 2016-11-20
i have set some rules in ip tables as example i added

iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 4 --connlimit-mask 32 -j REJECT --reject-with tcp-reset

Open in new window


and thats how my iptables looks like

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             tcp dpt:20000 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 2 reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere             tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 2 reject-with tcp-reset

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Open in new window



but there is always ips by-pass the limit and they go up to 400 connection per ip

what is the correct way to limit the connection per ip ?

i am running Ubuntu 15.04 server
0
Comment
Question by:dolphin King
2 Comments
 
LVL 37

Accepted Solution

by:
Bing CISM / CISSP earned 500 total points
ID: 41776606
not sure if your Linux distribution supports "--iplimit-mask n" option which sets the number of bits n of IP addresses that will be masked off? if n is 32, then it should be per IP based control.
0
 

Author Comment

by:dolphin King
ID: 41777138
its support the iplimit mask normally i couldn't connect with more than 3 times the third time i got disconnect but there is some ips couldnt response to this connection limit
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
OpenVPN Speed limitation to only 10 mbps 7 98
ipsec tunnel comme not up 10 80
su - oracle could not open session 6 53
Need BIOS update Linux for MSI X99A motherboard. 4 31
The purpose of this article is to fix the unknown display problem in Linux Mint operating system. After installing the OS if you see Display monitor is not recognized then we can install "MESA" utilities to fix this problem or we can install additio…
The purpose of this article is to demonstrate how we can use conditional statements using Python.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now