04 June 2023 - written by Oliver Gaida - Categories: ["iptables", "linux"]

iptables - reduce the number of global connections per second

add the rules:

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 8878 -m state --state NEW -m limit --limit 6/s --limit-burst 8 -j ACCEPT
iptables -A INPUT -j REJECT --reject-with icmp-port-unreachable

check the rules:

iptables -S INPUT

delete the rules:

iptables -D INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -D INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -D INPUT -p tcp --dport 8878 -m state --state NEW -m limit --limit 6/s --limit-burst 8 -j ACCEPT
iptables -D INPUT -j REJECT --reject-with icmp-port-unreachable

test the rules:

seq 1 50 | while read -r a; do nc -z -w 1 192.168.2.250 8878 && echo "${a}: ok" || echo "${a}: failed"; done
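
The `limit` match in the port 8878 rule behaves as one token bucket shared by all sources: it starts with 8 credits (`--limit-burst 8`), refills at 6 per second (`--limit 6/s`), and a NEW connection that finds the bucket empty falls through to the REJECT rule. The following simulation is an added example, not part of the original post; the function names `limit_sim` and `count_ok` and the evenly spaced arrival model are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: token-bucket model of
#   -m limit --limit RATE/s --limit-burst BURST
# for NEW connections arriving every INTERVAL_MS milliseconds (assumed even spacing).
# Credits are integers: one accepted connection costs 1000, each ms refills RATE.

limit_sim() {   # usage: limit_sim RATE BURST INTERVAL_MS COUNT
    rate=$1; burst=$2; interval=$3; count=$4
    cost=1000
    cap=$((burst * cost))
    credit=$cap            # the bucket starts full
    i=1
    while [ "$i" -le "$count" ]; do
        if [ "$i" -gt 1 ]; then
            # refill for the time elapsed since the previous connection
            credit=$((credit + interval * rate))
            if [ "$credit" -gt "$cap" ]; then credit=$cap; fi
        fi
        if [ "$credit" -ge "$cost" ]; then
            credit=$((credit - cost))   # rule matches: ACCEPT
            echo "${i}: ok"
        else
            echo "${i}: failed"         # no match: falls through to REJECT
        fi
        i=$((i + 1))
    done
}

count_ok() {    # same arguments as limit_sim, prints the number accepted
    limit_sim "$@" | grep -c ': ok$'
}

# 50 connections at three constructed arrival spacings
for ms in 0 100 200; do
    echo "interval ${ms} ms: $(count_ok 6 8 "$ms" 50) of 50 accepted"
done
```

The output has the same format as the `nc` loop above, so the two can be compared side by side.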