Hello, I have been given a task that I think netfilter is ideal for, but need a little help. I need to be able to limit the number of connections going through a router running netfilter to a max of 500. When I hit 500, I want to reject any new connections. I know that the iplimit match does this, but I don't seem to be having any luck getting it to work. Here is the scenario:

 ----               ----               ----
=A = -> Port 80 -> +NF+ -> Port 80 -> =C =
 ----               ----               ----

Simple enough. NF is my netfilter router, A is source, C is destination. C is an application that when it gets overworked, pretty much tarpits connecting clients and never lets go. I have tried many permutations of

    iptables -A FORWARD -p tcp -i lan -m state --state NEW -m iplimit --iplimit-above 1 -j REJECT

without much luck. Does anyone have any idea on how to make iplimit in a router situation work? Should I apply this to the output chain?

--
Jason Baker
baker@cyborgworkshop.com
www.cyborgworkshop.com
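As an added illustration (not part of the original post), the Python below models how a connection-limit match such as iplimit or its in-tree successor connlimit counts NEW connections on the FORWARD path: with the default per-host mask, "above 1" allows one connection per source address, while a mask of 0 lumps every source into one bucket and gives the aggregate cap of 500 the post asks for. It assumes the match counts the connection under evaluation together with the already tracked ones; the hosts and the 600-connection stream are constructed sample data.

```python
import ipaddress
from collections import Counter

def group_key(src, mask_bits):
    """Bucket a source address the way --connlimit-mask / --iplimit-mask does:
    32 counts each host separately, 24 lumps a /24 together, 0 lumps everyone."""
    return str(ipaddress.ip_network(f"{src}/{mask_bits}", strict=False))

def above_limit(tracked, new_src, limit, mask_bits):
    """True when the new connection would make its bucket exceed `limit`.
    Assumption: the match counts the connection being evaluated along with
    the already tracked ones, so "above 2" lets exactly 2 through."""
    counts = Counter(group_key(s, mask_bits) for s in tracked)
    return counts[group_key(new_src, mask_bits)] + 1 > limit

def simulate(new_conns, limit, mask_bits):
    """Feed a stream of NEW-state SYNs through a REJECT rule and report
    how many were accepted (and stay tracked) versus rejected."""
    tracked, accepted, rejected = [], 0, 0
    for src in new_conns:
        if above_limit(tracked, src, limit, mask_bits):
            rejected += 1
        else:
            tracked.append(src)      # conntrack now holds this connection
            accepted += 1
    return accepted, rejected

# Constructed sample: 600 NEW connections to C, round-robin from 30 hosts on A's side.
HOSTS = [f"192.0.2.{i + 1}" for i in range(30)]
STREAM = [HOSTS[i % len(HOSTS)] for i in range(600)]

if __name__ == "__main__":
    # The rule from the post (--iplimit-above 1, default per-host mask):
    # each host gets one connection and every further one is rejected.
    print("above 1, per host :", simulate(STREAM, 1, 32))     # (30, 570)
    # What a 500-connection cap needs: above 500 with mask 0, so all
    # sources share one bucket and the 501st forwarded connection is rejected.
    print("above 500, mask 0 :", simulate(STREAM, 500, 0))    # (500, 100)
```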