On Fri, 15 Oct 2004 at 12:48, Rio Martin wrote:
> Folks,
> I need to know how to limit access to some number from bulk random users.
> Let's say I have 256 PCs connecting to the Internet daily.
> I want to limit my users accessing the Internet to only 100 users during peak
> time. But these 100 users must be selected at random.
>
> I need a fresh idea on how to do that with iptables. Should I apply special
> patches?
> Thanks ..
>
> Regards,
> Rio Martin.

Maybe you can use conntrack and limit the SYN packets (NEW packets) with the limit match; this will give you some control over the number of connections that are made (not the total number but the number of connections in a given time). But keep in mind that this will not work for sessions, just for connections. That means that maybe someone is using the www and some connections will work and some will not, because a huge number of connections are made for the same page (ads, images from other sites, etc.). Maybe you can use persistent connections in the browsers so the connections are not broken.

--
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@xxxxxxxxx
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles.
  -- Jack Kerouac, "On the Road"
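The suggestion in the reply above, written out as a rule set; this is an added example, not part of the original message. The interface `eth1`, the rate `100/minute`, the burst of 20, the chain name `NEWLIMIT` and both function names are assumptions, and `-m conntrack --ctstate` is used as the current form of the state match.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that rate-limit NEW
# forwarded TCP connections. Interface, rate and burst are assumptions.

# Accept only N/second|minute|hour|day, the full-unit form of --limit.
valid_rate() {
    case "$1" in ''|*[!0-9/a-z]*) return 1 ;; esac
    n=${1%%/*}; unit=${1#*/}
    case "$n" in ''|*[!0-9]*|0*) return 1 ;; esac
    case "$unit" in second|minute|hour|day) return 0 ;; esac
    return 1
}

# limit_rules LAN_IF RATE BURST -> rule set on stdout, status 1 on bad input.
limit_rules() {
    lan_if=$1; rate=$2; burst=$3
    # Reject anything that could smuggle shell syntax into the output.
    case "$lan_if" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    valid_rate "$rate" || { echo "bad rate" >&2; return 1; }
    case "$burst" in ''|*[!0-9]*|0*) echo "bad burst" >&2; return 1 ;; esac
    cat <<EOF
# Chain that holds the token bucket for new connections.
iptables -N NEWLIMIT
# Packets of tracked connections bypass the limit entirely.
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Only connection-opening SYNs from the LAN are counted.
iptables -A FORWARD -i $lan_if -p tcp --syn -m conntrack --ctstate NEW -j NEWLIMIT
# Within the rate: accept. The bucket is shared by all clients.
iptables -A NEWLIMIT -m limit --limit $rate --limit-burst $burst -j ACCEPT
# Over the rate: drop, whichever client sent the SYN.
iptables -A NEWLIMIT -j DROP
EOF
}

# Constructed sample values; review the output before piping it to a root shell.
limit_rules eth1 100/minute 20
```

Once the rules are loaded, `iptables -L NEWLIMIT -v -n` shows the packet counters for the ACCEPT and DROP rules, which tells you how many connection attempts the limit refused.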