iptables limit connection per ip correct way ?
iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 4 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
and thats how my iptables looks like
Chain INPUT (policy ACCEPT)
target prot opt source destination
REJECT tcp -- anywhere anywhere tcp dpt:20000 flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 2 reject-with tcp-reset
REJECT tcp -- anywhere anywhere tcp dpt:ssh flags:FIN,SYN,RST,ACK/SYN #conn src/32 > 2 reject-with tcp-reset
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
but there is always ips by-pass the limit and they go up to 400 connection per ip
what is the correct way to limit the connection per ip ?
i am running Ubuntu 15.04 server
Who is Participating?
Experts Exchange Solution brought to you by
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
Experts Exchange Solution brought to you by
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
From novice to tech pro — start learning today.
Experts Exchange Solution brought to you by