04. June 2023 - verfasst von Oliver Gaida - Kategorien: ["iptables", "linux"]

iptables - reduce number of concurrent connections

the hint comes from https://unix.stackexchange.com/questions/139285/limit-max-connections-per-ip-address-and-new-connections-per-second-with-iptable

add the rule:

iptables -A INPUT -p tcp --syn --dport 8878 -m connlimit --connlimit-above 2 --connlimit-mask 32 -j REJECT --reject-with tcp-reset

check the rules:

iptables -S INPUT

test the rule with three different web-browsers at the same time. see my youtube video

delete the rule

iptables -D INPUT -p tcp --syn --dport 8878 -m connlimit --connlimit-above 2 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
iptables -S INPUT
ss -at | grep 8878

in case you want to log rejected connections you can just add the same iptables-rule with the logging parameters before, for example you can insert two rules:

iptables -A INPUT -p tcp --syn --dport 8878 -m connlimit --connlimit-above 2 --connlimit-mask 32 -j LOG --log-level 6 --log-prefix to-many-concurrent-connections
iptables -A INPUT -p tcp --syn --dport 8878 -m connlimit --connlimit-above 2 --connlimit-mask 32 -j REJECT --reject-with tcp-reset

HOME