info iptables
sbomberino
30-06-2006, 11:44
Hi,
is it possible to configure iptables so that it limits outgoing connections to an IP/port to a customizable number?
For example, I would like to limit connections to 1.1.1.1 port 80 to 10; once that is exceeded it does a REJECT
Can this be done?
Thanks :)
ciao
man iptables
anyway:
connlimit
Allows you to restrict the number of parallel TCP connections to a server per client IP address (or address block).
[!] --connlimit-above n
match if the number of existing tcp connections is (not) above n
--connlimit-mask bits
group hosts using mask
Examples:
# allow 2 telnet connections per client host
iptables -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT
# you can also match the other way around:
iptables -p tcp --syn --dport 23 -m connlimit ! --connlimit-above 2 -j ACCEPT
# limit the nr of parallel http requests to 16 per class C sized network (24 bit netmask)
iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT
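The man page examples above cover incoming connections; applied to the case in the question (outgoing connections from the local host to 1.1.1.1 port 80, capped at 10), a rule in the OUTPUT chain could look like the following added example, which is not part of either post. The function names, the `apply` argument and the choice of `--reject-with tcp-reset` are assumptions, and the script assumes an iptables build that supports `-C`.

```shell
#!/bin/sh
# Added example (constructed): cap parallel outbound TCP connections from this
# host to one destination ip/port using connlimit in the OUTPUT chain.

# Print the rule specification (everything after "-A OUTPUT" / "-C OUTPUT").
# Arguments: destination address, destination port, maximum parallel connections.
egress_limit_spec() {
    dst=$1 port=$2 max=$3
    # Reject malformed input instead of handing it to iptables.
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1;; esac
    case $max  in ''|*[!0-9]*) echo "bad limit: $max" >&2; return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    case $dst in ''|*[!0-9./]*) echo "bad address: $dst" >&2; return 1;; esac
    # --syn: only new connection attempts are tested; established flows pass.
    # connlimit counts per client (source) address. In OUTPUT the source is
    # this host, so the count is "our connections to dst:port".
    printf '%s' "-p tcp --syn -d $dst --dport $port -m connlimit --connlimit-above $max -j REJECT --reject-with tcp-reset"
}

# Append the rule unless an identical one is already present (needs root).
egress_limit_apply() {
    spec=$(egress_limit_spec "$@") || return 1
    # Word splitting of $spec is intended: it is a validated option list.
    iptables -C OUTPUT $spec 2>/dev/null || iptables -A OUTPUT $spec
}

# Usage: sh egress-limit.sh apply 1.1.1.1 80 10
if [ "${1:-}" = apply ]; then
    shift
    egress_limit_apply "$@"
fi
```

Existing connections are not torn down when the rule is added; only SYNs sent while more than the limit are already tracked get rejected.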