Even iptables is not a suitable solution for this and cannot handle this particular scenario.
The obvious approach would be a rule similar to this (snippet, not full chain):
However, hitcount is limited to 20 on most recent kernels; any value larger than that will throw an error message since it cannot keep track of more than 20 connections.
This is (as far as I know) hardcoded in the kernel and unless you load a custom module or use a non-standard kernel it won't allow you to go beyond that number.
(300 conns / 10 seconds) is barely equal to (100 conns / 1 second) which is still much larger than 20; not useful.
Try other suggestions like using the tools provided by Apache or a more featured/robust firewall (a HW firewall perhaps, a routing ACL, etc.).
Also, it would be more helpful if you explained what the problem at hand is that you're trying to solve, instead of how you are trying to solve it.
In my organization in order for anyone to go to any Unix server they have to go through "SERVER A" and login as themselves.
Then people are free to go anywhere they please.
For example:
SERVER A, logs in as himself
telnets to SERVER B, logs in as guest
telnets to SERVER C, logs in as... (8 Replies)
Hello there, just a quick question... Can someone please explain the concept that enables you to establish a connection using the same userId
Thanx (1 Reply)
Hello All,
I have 2 queries about X connections on HP-UX:
1.How/where to determine whether "X connections" to the server are controlled.
2. How/where to determine whether "X11 connection" are tunnelled via ssh.
3. How/where to determine the "Time in minutes before unattended X terminals... (0 Replies)
Hello everybody,
Look, I'm having problems with connections from another server, I must receive maximum 5 connections from the other server, when I run 'netstat -A | grep <THE_OTHER_SERVER_IP>' I can see how many connections I have already established, but when they open another connection, I mean... (8 Replies)
Hello,
I am currently trying to limit incoming UDP length 20 packets on a per IP basis to 5 a second using IPTables on a Linux machine (CentOS 5.2).
Basically, if an IP is sending more than 5 length 20 UDP packets a second to the local machine, I would like the machine to drop the excess... (1 Reply)
edit; I found a solution that works, see thread #3 https://www.unix.com/302417065-post3.html
Hi there,
I have a small dedicated server that has four ip addresses and by default my httpd sends request using the servers main ip for all outbound connections.
I'm quite amateur at routing and... (4 Replies)
Hi all, I'm using a Solaris machine. When I run a simple script this message comes out: "limit: stacksize: Can't remove limit". Anyone know the way to resolve this problem without rebooting the machine?
Thanks in advance. (3 Replies)
I am having an issue with iptables. My server is a RHEL6 64bit system.
In my application I have a large number of connected clients ~100k to a particular service. The application works fine when iptables is off, 100k clients are able to connect.
However, when I turn iptables on and add a... (1 Reply)
Hi All!
Please help me with this situation:
I have 3 servers configured with the following network 10.100.48.xx and I have configured passwordless connection, and it is working fine.
Now the app vendor asks me to configure a 2nd IP address on each of the 3 servers with a different IP... (4 Replies)
I have D-Link Router DSL-2730U that support busybox OS and iptables version 1.4.0
I managed successfully to block the host from connecting to the internet using the following command
block by ip address
iptables -I FORWARD -d 192.168.1.6 -j DROP
Or By mac source
iptables -I... (0 Replies)
Discussion started by: iLinux85 (0 Replies)
iptables-apply
IPTABLES-APPLY(8) iptables 1.6.1 IPTABLES-APPLY(8)

NAME
iptables-apply - a safer way to update iptables remotely
SYNOPSIS
iptables-apply [-hV] [-t timeout] [-w savefile] {[rulesfile]|-c [runcmd]}
DESCRIPTION
iptables-apply will try to apply a new rulesfile (as output by iptables-save, read by iptables-restore) or run a command to configure iptables and then prompt the user whether the changes are okay. If the new iptables rules cut the existing connection, the user will not be able to answer affirmatively. In this case, the script rolls back to the previous working iptables rules after the timeout expires.

Successfully applied rules can also be written to savefile and later used to roll back to this state. This can be used to implement a store-last-good-configuration mechanism when experimenting with an iptables setup script:

iptables-apply -w /etc/network/iptables.up.rules -c /etc/network/iptables.up.run

When called as ip6tables-apply, the script will use ip6tables-save/-restore and IPv6 default values instead. Default value for rulesfile is '/etc/network/iptables.up.rules'.
OPTIONS
-t seconds, --timeout seconds
Sets the timeout in seconds after which the script will roll back to the previous ruleset (default: 10).
-w savefile, --write savefile
Specify the savefile where successfully applied rules will be written to (default if empty string is given: /etc/network/iptables.up.rules).
-c runcmd, --command runcmd
Run command runcmd to configure iptables instead of applying a rulesfile (default: /etc/network/iptables.up.run).
-h, --help
Display usage information.
-V, --version
Display version information.
SEE ALSO
iptables-restore(8), iptables-save(8), iptables(8).
LEGALESE
Original iptables-apply - Copyright 2006 Martin F. Krafft <madduck@madduck.net>. Version 1.1 - Copyright 2010 GW <gw.2010@tnode.com or http://gw.tnode.com/>.
This manual page was written by Martin F. Krafft <madduck@madduck.net> and extended by GW <gw.2010@tnode.com or http://gw.tnode.com/>.
Permission is granted to copy, distribute and/or modify this document under the terms of the Artistic License 2.0.
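As an added example (written for this page; it is not the iptables-apply script itself and is not part of the man page above), the following POSIX shell function reimplements the mechanism the DESCRIPTION section explains: snapshot the working ruleset, load the candidate, wait for the operator to confirm, and restore the snapshot when no confirmation arrives within the timeout. The variable names SAVE_CMD, RESTORE_CMD and CONFIRM_CMD and the function names are assumptions chosen here; they default to iptables-save, iptables-restore and an interactive prompt, and can be pointed at stand-in commands so the control flow can be exercised without root or a real netfilter.

```shell
#!/bin/sh
# Added illustration of the iptables-apply(8) "apply, ask, roll back on
# timeout" pattern; NOT the real script. SAVE_CMD / RESTORE_CMD / CONFIRM_CMD
# are assumed names introduced here so the logic can be run with stand-in
# commands; in production leave the defaults below.
SAVE_CMD="${SAVE_CMD:-iptables-save}"
RESTORE_CMD="${RESTORE_CMD:-iptables-restore}"
CONFIRM_CMD="${CONFIRM_CMD:-ask_operator}"

# Wait up to $1 seconds for the operator to type "y". If the new rules cut
# the session, no answer arrives and this returns non-zero, which the caller
# treats as "roll back". `read -t` is a bash extension; on a shell without it
# the read fails and is likewise treated as "not confirmed", so the unsupported
# case degrades to the safe outcome instead of silently keeping the rules.
ask_operator() {
    printf 'Can you still reach this host? Type y within %ss to keep the new rules: ' "$1"
    ans=""
    read -t "$1" ans 2>/dev/null || ans=""
    [ "$ans" = "y" ]
}

# apply_with_rollback RULESFILE [TIMEOUT]
# Exit status: 0 = new ruleset confirmed and kept,
#              1 = no confirmation, previous ruleset restored,
#              2 = could not snapshot or load, previous ruleset untouched.
apply_with_rollback() {
    rulesfile="$1"
    wait_secs="${2:-10}"
    backup="$(mktemp)" || return 2

    # 1. Snapshot the currently working ruleset: this is the known-good state.
    if ! "$SAVE_CMD" > "$backup"; then
        rm -f "$backup"
        return 2
    fi

    # 2. Load the candidate ruleset. If loading fails, nothing has changed.
    if ! "$RESTORE_CMD" < "$rulesfile"; then
        echo "could not load $rulesfile; keeping current rules" >&2
        rm -f "$backup"
        return 2
    fi

    # 3. Ask for confirmation. Silence (timeout or a lost session) means "no".
    if "$CONFIRM_CMD" "$wait_secs"; then
        rm -f "$backup"
        return 0
    fi

    # 4. Roll back to the snapshot taken in step 1.
    "$RESTORE_CMD" < "$backup"
    rm -f "$backup"
    echo "no confirmation within ${wait_secs}s; previous rules restored" >&2
    return 1
}

# Stand-alone usage (assumed file name):
#   RULESFILE=/etc/network/iptables.up.rules TIMEOUT=10 sh apply-with-rollback.sh
if [ -n "${RULESFILE:-}" ]; then
    apply_with_rollback "$RULESFILE" "${TIMEOUT:-10}"
fi
```

The design point mirrors the man page: the snapshot is taken before anything changes, and every failure path (load error, no answer, lost session) ends with the pre-change ruleset in place, so a remote operator can only lock themselves out for at most the timeout.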