How do I restrict the number of connections used by a single IP address to my server for port 80 and 25 using iptables?
You need to use the connlimit match module, which lets you restrict the number of parallel TCP connections to a server per client IP address (or per address block). This is useful to protect your server or VPS against flooding, spamming or content scraping.
Syntax
The syntax is as follows:
# /sbin/iptables -A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above N -j REJECT --reject-with tcp-reset
Save the changes so they survive a reboot (see the iptables-save man page). On Red Hat and derivatives the specific command is:
# service iptables save
Example: Limit SSH Connections Per IP / Host
Only allow 3 ssh connections per client host:
# /sbin/iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT
Example: Limit HTTP Connections Per IP / Host
Only allow 20 http connections per IP (MaxClients is set to 60 in httpd.conf):
# /sbin/iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
Exempt the proxy server IP 1.2.3.4 from this limit. The exemption matches the source address (! -s), because connlimit counts connections per client source address:
# /sbin/iptables -A INPUT -p tcp --syn --dport 80 ! -s 1.2.3.4 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset
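As an added example (not from the original post), here is a POSIX shell script that builds the rules for ports 80 and 25 asked about in the question, exempts a trusted proxy by source address, and emits them in a form iptables-restore accepts; the proxy address 203.0.113.10 and the SMTP limit of 10 per client are assumed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: build per-source-IP
# connlimit rules for ports 80 and 25 in iptables-restore format.
# Assumed placeholders: trusted proxy 203.0.113.10, and an SMTP
# limit of 10 per client (the post gives no value for port 25).

# connlimit_rule PORT LIMIT [EXEMPT_SRC]
# Prints one INPUT rule: a new connection (SYN) to PORT is rejected with
# a TCP RST once its source address already holds more than LIMIT
# connections. EXEMPT_SRC is excluded by *source* address, since
# connlimit counts connections per source.
connlimit_rule() {
    port=$1
    limit=$2
    exempt=${3:-}
    rule="-A INPUT -p tcp --syn --dport $port"
    if [ -n "$exempt" ]; then
        rule="$rule ! -s $exempt"
    fi
    rule="$rule -m connlimit --connlimit-above $limit"
    rule="$rule -j REJECT --reject-with tcp-reset"
    printf '%s\n' "$rule"
}

# ruleset PROXY_IP
# Prints a filter-table fragment: HTTP capped at 20 per client except the
# proxy, SMTP capped at 10 per client. Apply as root with
#   ruleset 203.0.113.10 | iptables-restore -n
# where -n (--noflush) appends to the live rules instead of replacing them.
ruleset() {
    printf '*filter\n'
    connlimit_rule 80 20 "$1"
    connlimit_rule 25 10
    printf 'COMMIT\n'
}

# Defender-side check: established connections per peer address on PORT,
# to size the limit against real traffic before enforcing it. Uses the
# peer column of ss output with the port stripped.
per_source_count() {
    ss -Htn state established "( sport = :$1 )" \
        | awk '{ sub(/:[0-9]+$/, "", $4); print $4 }' \
        | sort | uniq -c | sort -rn
}

ruleset 203.0.113.10
```

Run per_source_count 80 on the live server first; if legitimate clients routinely sit above the chosen limit, raise it before loading the rules.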
Enjoy it….
REFERENCE
http://www.hackadmin.com/2010/02/18/how-to-create-connection-limits-with-iptables/