----- Original Message -----
From: "rabbtux rabbtux" <rabbtux@xxxxxxxxx>
To: <netfilter@xxxxxxxxxxxxxxxxxxx>
Sent: Friday, April 21, 2006 9:01 PM
Subject: one rule to create per IP connlimits?
All,
Is there any way I could create a rule that would create a TCP
connection limit (say 20) for traffic from, say, 10.10.2.96/27 that
would apply to each of the 32 IPs? That is, each address,
10.10.2.96-127, would be limited to 20 connections. Or do I need to
make up one iptables rule per address?
It sure would be nice if I could do this with one rule per address
block, as I have several hundred addresses to limit!
Thanks in advance - marshall
maybe this way:
iptables -I FORWARD -p tcp --syn -s 10.10.2.96/27 \
    -m connlimit --connlimit-above 20 -j REJECT
or
iptables -I FORWARD -p tcp --syn -m iprange --src-range 10.10.2.96-10.10.2.127 \
    -m connlimit --connlimit-above 20 -j REJECT
robee
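The connlimit match counts connections per source prefix selected by --connlimit-mask, which defaults to 32 for IPv4, so a single rule over the /27 does give each host its own limit of 20 rather than one shared limit for the block. The script below is an added example, not part of the thread, that models that bucketing over a constructed connection list (the addresses and counts are made up) for mask 32 versus mask 27.

```shell
#!/bin/sh
# Added example, not from the thread: model how connlimit buckets connections
# by source prefix. --connlimit-mask defaults to 32 (one counter per host), so
# one rule over 10.10.2.96/27 limits each address on its own; /27 would not.

# Dotted quad -> 32-bit integer.
ip2int() {
    set -- $(echo "$1" | tr '.' ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# 32-bit integer -> dotted quad.
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Network part of address $1 under a /$2 prefix length, as an integer.
prefix_of() {
    echo $(( $(ip2int "$1") & ((0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF) ))
}

# Bucket the source addresses in file $1 by /$2 and print every bucket whose
# connection count is above $3, i.e. what --connlimit-above $3 would match.
over_limit() {
    file=$1; mask=$2; limit=$3
    while read -r src; do
        [ -n "$src" ] && prefix_of "$src" "$mask"
    done < "$file" | sort -n | uniq -c | while read -r n net; do
        if [ "$n" -gt "$limit" ]; then
            echo "$(int2ip "$net")/$mask $n"
        fi
    done
}

# Constructed connection table: 25 connections from .100, 5 from .101,
# 20 from .102 (all inside 10.10.2.96/27). Prints the temp file name.
sample_conns() {
    f=$(mktemp)
    for hc in 10.10.2.100:25 10.10.2.101:5 10.10.2.102:20; do
        host=${hc%:*}; count=${hc#*:}; i=0
        while [ "$i" -lt "$count" ]; do echo "$host"; i=$((i + 1)); done
    done > "$f"
    echo "$f"
}

f=$(sample_conns)
echo "mask 32 (default): only .100 is over 20"; over_limit "$f" 32 20
echo "mask 27: the whole block shares one counter"; over_limit "$f" 27 20
rm -f "$f"
```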