Take a look at the connlimit module in patch-o-matic-ng. Its default behavior is to limit connections per IP.
iptables -I INPUT 1 -p tcp --syn --dport 25 -m connlimit --connlimit-above 4 -j REJECT --reject-with tcp-reset
You will however most likely need to patch your kernel to use it.
-Damon-
On Fri, 20 May 2005, Anthony Sadler wrote:
Hey
First post :D
I have a Linux mail server that is getting spammed and mail bombed. In an attempt to control this, we are trying to limit the number of connections to the server on port 25. Now we don't want to limit the total connections that are allowed to connect; we would like to say that IP 1.2.3.4 can only have 4 sessions open to us.
I've been looking at the IP_LIMIT module for iptables, but it seems I can only either limit total connections, or do it on a per IP basis (which would be impossible).
So to summarise, I want as many separate hosts to connect, but only to be allowed, say, 4 concurrent connections.
Thanks!
Anthony Sadler
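As an added example (not part of the thread above, and not Damon's or Anthony's code), here is a small POSIX shell wrapper around the rule Damon suggests. It makes the per-source semantics explicit with --connlimit-mask 32 (one counter per source /32, which is also the default), checks that the running iptables actually has the connlimit match before trying to insert anything (on a 2005 kernel that meant a patch-o-matic-ng build; later kernels ship it in mainline as xt_connlimit), and lets you dry-run by pointing IPTABLES at echo. The function and variable names are my own assumptions, not part of iptables.

```shell
#!/bin/sh
# Added example: per-source-IP connection limiting for SMTP with the
# iptables connlimit match. Not from the original mailing-list thread.
# IPTABLES defaults to the real binary; set IPTABLES=echo for a dry run.
: "${IPTABLES:=iptables}"

# Build the match/target part of the rule for TCP port $1 and a ceiling of $2
# concurrent connections per source address. --syn restricts the rule to
# connection attempts, so established sessions are never torn down; connlimit
# counts the existing conntrack entries from the same source (mask 32 = one
# counter per single IPv4 address). Excess attempts get a TCP RST so the
# remote MTA fails fast instead of waiting on a dropped SYN.
smtp_connlimit_rule() {
  port="$1"; max="$2"
  printf '%s\n' "-p tcp --syn --dport $port -m connlimit --connlimit-above $max --connlimit-mask 32 -j REJECT --reject-with tcp-reset"
}

# True if the iptables userspace and the kernel expose the connlimit match
# (iptables loads the extension to print its help; it fails if absent).
connlimit_available() {
  "$IPTABLES" -m connlimit --help >/dev/null 2>&1
}

# Insert the rule at the top of INPUT so it runs before any blanket
# ACCEPT for port 25. Refuses to proceed when the match is missing.
apply_smtp_connlimit() {
  port="$1"; max="$2"
  if ! connlimit_available; then
    echo "connlimit match not available: need xt_connlimit (or a patched kernel)" >&2
    return 1
  fi
  # shellcheck disable=SC2046 -- the rule is a flat list of single-word arguments
  "$IPTABLES" -I INPUT 1 $(smtp_connlimit_rule "$port" "$max")
}
```

Usage: source the file and run `apply_smtp_connlimit 25 4` as root; with `IPTABLES=echo` it only prints the command it would execute. Because the rule counts per source address, a hundred different hosts can each hold four sessions, which is exactly the behaviour the original post asks for; the total number of SMTP connections is not capped by this rule.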