Friday, April 15, 2011

How to limit the connections from one IP address using iptables


The following command rejects every new connection from an IP address once that address already holds more than 3 connections to this machine (connlimit counts connections per source address). This can be used against DDoS attacks.
#iptables -A INPUT -p all -m connlimit --connlimit-above 3 -j REJECT

If you want to apply the limit only to SSH connections, use the following command.
#iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT

To allow at most 2 telnet connections per client host:

#iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT

You can also write the same limit as an ACCEPT rule with the match negated, as given below. Note that this form only accepts the first 2 connections; what happens to the rest depends on the rules or chain policy that follow it.
#iptables -A INPUT -p tcp --syn --dport 23 -m connlimit ! --connlimit-above 2 -j ACCEPT

To limit the number of parallel HTTP connections to 16 per class C sized network (24-bit netmask):
#iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT
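Before deploying any of the rules above it is worth checking how many parallel connections legitimate clients already hold, so the threshold is not set below normal usage. The script below is an added example, not part of the original post: it counts established connections per peer from `ss -tn` style output (a constructed sample is embedded so it runs offline; the column layout is an assumption about `ss`), reports which peers exceed a limit, and builds the matching connlimit rule. The `--reject-with tcp-reset` option and the hypothetical helper names (`peers_above`, `max_peer_conns`, `connlimit_rule`) are additions not taken from the post.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): measure per-client parallel
# connections to a port, so the connlimit threshold can be set with headroom,
# then emit the matching iptables rule.
set -eu

# Constructed sample in the layout printed by `ss -tn` (assumed columns:
# State Recv-Q Send-Q Local-Address:Port Peer-Address:Port).
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      10.0.0.5:22         192.0.2.10:51000
ESTAB  0      0      10.0.0.5:22         192.0.2.10:51001
ESTAB  0      0      10.0.0.5:22         192.0.2.10:51002
ESTAB  0      0      10.0.0.5:22         192.0.2.10:51003
ESTAB  0      0      10.0.0.5:22         198.51.100.7:40000
ESTAB  0      0      10.0.0.5:80         198.51.100.7:40001
ESTAB  0      0      10.0.0.5:80         203.0.113.9:33000'

# peers_above LIMIT PORT: read ss output on stdin and print "peer count" for
# every peer holding more than LIMIT established connections to local PORT.
peers_above() {
  local limit="$1" port="$2"
  awk -v limit="$limit" -v port="$port" '
    NR > 1 && $1 == "ESTAB" {
      n = split($4, l, ":"); lport = l[n]      # local port is the last piece
      peer = $5; sub(/:[0-9]+$/, "", peer)     # strip the peer port
      if (lport + 0 == port + 0) count[peer]++
    }
    END { for (ip in count) if (count[ip] > limit + 0) print ip, count[ip] }
  ' | sort
}

# max_peer_conns PORT: highest per-peer connection count seen on PORT (0 if none).
max_peer_conns() {
  local port="$1"
  peers_above 0 "$port" | awk 'BEGIN { m = 0 } $2 > m { m = $2 } END { print m }'
}

# connlimit_rule PORT LIMIT [MASK]: the rule from the post, with an explicit
# source mask (32 = one host, 24 = a /24 network) and a TCP reset so the
# client fails fast instead of waiting on an ICMP error.
connlimit_rule() {
  local port="$1" limit="$2" mask="${3:-32}"
  printf 'iptables -A INPUT -p tcp --syn --dport %s -m connlimit --connlimit-above %s --connlimit-mask %s -j REJECT --reject-with tcp-reset\n' \
    "$port" "$limit" "$mask"
}

# Stand-alone run: report on the sample, then print a rule with headroom.
echo "Peers holding more than 3 connections to port 22:"
printf '%s\n' "$SAMPLE_SS" | peers_above 3 22
echo "Suggested rule (observed maximum + 2):"
connlimit_rule 22 "$(( $(printf '%s\n' "$SAMPLE_SS" | max_peer_conns 22) + 2 ))"
```

On a live host replace the constructed sample with `ss -tn | peers_above 3 22`; the rule is only printed, so review it before running it as root.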
