On 4/22/06, robee <mlody@xxxxxxxxx> wrote:
> do you mean it should be individual rule for each IP separately?

Yes, that's right. So, instead of this:

  iptables -A FORWARD -p tcp --syn -s 10.10.2.96/27 -m connlimit --connlimit-above 20 -j REJECT

which will not do what you want, you'd instead use something like this:

  for i in `seq 97 126`; do
    iptables -A FORWARD \
      -p tcp --syn \
      -s 10.10.2.${i} \
      -m connlimit --connlimit-above 20 \
      -j REJECT
  done

-- 
Toby DiPasquale
0x636f6465736c696e67657240676d61696c2e636f6d
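An added example, not part of the post or its author's script, that generalises the loop above: it derives the usable host addresses from the CIDR block instead of typing 97..126 by hand, and wraps the generated rules in iptables-restore syntax so the whole set can be loaded in one atomic step instead of one iptables call per host. The network (10.10.2.96/27) and limit (20) are the ones from the thread; the function names, the /25../30 restriction and the restore-file wrapper are my assumptions. Note that current iptables builds of the connlimit match also take --connlimit-mask (default 32, i.e. counting per source address), so check what your version does before committing to a rule per host.

```shell
#!/bin/sh
# Example code (not the list author's): expand an IPv4 block of /25..30 into
# one connlimit rule per usable host address, in iptables-restore format.

# connlimit_rules CIDR LIMIT
#   prints one "-A FORWARD ..." line per host address in CIDR (network and
#   broadcast addresses are skipped), limiting each host to LIMIT SYNs.
connlimit_rules() {
    cidr=$1; limit=$2
    net=${cidr%/*}; bits=${cidr#*/}
    prefix=${net%.*}; last=${net##*.}          # "10.10.2" and "96"
    # Assumption: only blocks that fit inside one /24 are handled here.
    [ "$bits" -ge 25 ] && [ "$bits" -le 30 ] || {
        echo "connlimit_rules: prefix must be /25../30" >&2; return 1; }
    size=$(( 1 << (32 - bits) ))               # addresses in the block
    base=$(( last / size * size ))             # align to the block boundary
    i=$(( base + 1 ))                          # first host (skip network addr)
    end=$(( base + size - 2 ))                 # last host (skip broadcast addr)
    while [ "$i" -le "$end" ]; do
        printf '%s -p tcp --syn -s %s.%s -m connlimit --connlimit-above %s -j REJECT\n' \
            '-A FORWARD' "$prefix" "$i" "$limit"
        i=$(( i + 1 ))
    done
}

# restore_file CIDR LIMIT
#   wraps the rules in a filter-table fragment for iptables-restore; load it
#   with "iptables-restore --noflush < file" so existing chains are kept.
restore_file() {
    echo '*filter'
    connlimit_rules "$1" "$2" || return 1
    echo 'COMMIT'
}

# Usage: generate the rule set from the thread and show it.
restore_file 10.10.2.96/27 20
```

Pipe the output of restore_file into `iptables-restore --noflush` to append the rules in one step; without --noflush, iptables-restore replaces the whole filter table with what is in the file.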