Re: Limiting connections per IP per port

Take a look at the connlimit module in patch-o-matic-ng. Its default behavior is to limit connections per IP.


iptables -I INPUT 1 -p tcp --syn --dport 25 -m connlimit \
    --connlimit-above 4 -j REJECT --reject-with tcp-reset

You will however most likely need to patch your kernel to use it.

-Damon-
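The rule above only matches a SYN once its source already has more than 4 connections open, so the 5th concurrent session from one address is reset while the first 4 go through; connlimit has been part of mainline netfilter since Linux 2.6.23, so on current kernels no patching is needed. The following is an added illustration, not code from the thread: a small Python model of that counting, using a constructed syn/close event stream, and it also shows the --connlimit-mask grouping of sources into a prefix, which the thread does not mention.

```python
import ipaddress
from collections import defaultdict


def _group(src, mask_bits):
    """Map a source address to its /mask_bits prefix (what --connlimit-mask does)."""
    return ipaddress.ip_network(f"{src}/{mask_bits}", strict=False)


def simulate_connlimit(events, above=4, mask_bits=32):
    """Replay (action, src_ip) events through a connlimit-style rule.

    'syn'   -> a new TCP connection attempt from src_ip
    'close' -> src_ip finishes one of its open connections
    Returns one decision ('ACCEPT' or 'REJECT') per 'syn' event.
    """
    open_conns = defaultdict(int)
    decisions = []
    for action, src in events:
        key = _group(src, mask_bits)
        if action == "syn":
            # --connlimit-above N: the new connection is counted too, so it
            # matches (and is rejected here) when open + 1 exceeds N.
            if open_conns[key] + 1 > above:
                decisions.append("REJECT")
            else:
                open_conns[key] += 1
                decisions.append("ACCEPT")
        elif action == "close" and open_conns[key] > 0:
            # conntrack forgets the connection once it is torn down
            open_conns[key] -= 1
    return decisions


# Constructed sample: one host opens 5 sessions, another host one session,
# then the first host closes one and tries again.
SAMPLE_EVENTS = [("syn", "1.2.3.4")] * 5 + [
    ("syn", "5.6.7.8"),
    ("close", "1.2.3.4"),
    ("syn", "1.2.3.4"),
]

# Constructed sample for per-/24 limiting: two hosts in the same prefix.
SAMPLE_SUBNET_EVENTS = [("syn", "1.2.3.4")] * 3 + [("syn", "1.2.3.5")] * 2

if __name__ == "__main__":
    print(simulate_connlimit(SAMPLE_EVENTS, above=4))
    print(simulate_connlimit(SAMPLE_SUBNET_EVENTS, above=4, mask_bits=24))
```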

On Fri, 20 May 2005, Anthony Sadler wrote:

Hey

First post :D

I have a Linux mail server that is getting spammed and mail bombed. In an
attempt to control this, we are trying to limit the amount of connections to
the server on port 25.
Now we don't want to limit the total connections that are allowed to
connect, we would like to say that IP 1.2.3.4 can only have 4 sessions open
to us.

I've been looking at the IP_LIMIT module for iptables, but it seems I can
only either limit total connections, or do it on a per IP basis (which would
be impossible).

So to summarise, I want as many separate hosts to connect, but only to be
allowed, say, 4 concurrent connections.

Thanks!

Anthony Sadler
