iptables limit connection per ip correct way ?

i have set some rules in ip tables as example i added

iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 4 --connlimit-mask 32 -j REJECT --reject-with tcp-reset

Open in new window


and thats how my iptables looks like

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere             tcp dpt:20000 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 2 reject-with tcp-reset
REJECT     tcp  --  anywhere             anywhere             tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 2 reject-with tcp-reset

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Open in new window



but there is always ips by-pass the limit and they go up to 400 connection per ip

what is the correct way to limit the connection per ip ?

i am running Ubuntu 15.04 server
dolphin KingAsked:
Who is Participating?
 
bbaoConnect With a Mentor IT ConsultantCommented:
not sure if your Linux distribution supports "--iplimit-mask n" option which sets the number of bits n of IP addresses that will be masked off? if n is 32, then it should be per IP based control.
0
 
dolphin KingAuthor Commented:
its support the iplimit mask normally i couldn't connect with more than 3 times the third time i got disconnect but there is some ips couldnt response to this connection limit
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.