Even iptables is not a suitable solution for this and cannot handle this particular scenario.
The obvious approach would be a rule similar to this (snippet, not full chain):
However, hitcount is limited to 20 on most recent kernels; any value larger than that will throw an error message since it cannot keep track of more than 20 connections.
This is (as far as I know) hardcoded in the kernel, and unless you load a custom module or use a non-standard kernel it won't allow you to go beyond that number.
(300 conns / 10 seconds) is barely equal to (100 conns / 1 second) which is still much larger than 20; not useful.
Try other suggestions like using the tools provided by Apache or a more featured/robust firewall (a HW firewall perhaps, a routing ACL, etc).
Also, it would be more helpful if you explained what the problem at hand is that you're trying to solve, instead of how you are trying to solve it.
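As an added illustration (not from the poster above) of the xt_recent pattern the answer refers to and the 20-hit ceiling it describes, the function below prints the two rules needed to cap new TCP connections per source IP and refuses hit counts the module will not accept. The list name "ratelimit", the INPUT chain and the port/window values are constructed for the example; nothing here invokes iptables itself.

```shell
#!/bin/sh
# Default xt_recent packet-list size (module parameter ip_pkt_list_tot, default 20).
# Hit counts above this value are rejected when the rule is loaded.
RECENT_HITCOUNT_MAX=20

# recent_rules PORT SECONDS HITCOUNT
# Prints the two iptables commands that together drop a source exceeding
# HITCOUNT new connections to PORT within SECONDS. Prints nothing and
# returns 1 when HITCOUNT exceeds what xt_recent can track.
recent_rules() {
    port=$1; seconds=$2; hitcount=$3
    if [ "$hitcount" -gt "$RECENT_HITCOUNT_MAX" ]; then
        echo "hitcount $hitcount exceeds xt_recent limit of $RECENT_HITCOUNT_MAX" >&2
        return 1
    fi
    # Rule 1: record every new connection attempt under the "ratelimit" list
    # (constructed name) so later packets from the same source can be counted.
    echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW" \
         "-m recent --name ratelimit --set"
    # Rule 2: drop when the source already has HITCOUNT entries within SECONDS.
    # --update refreshes the entry's timestamp, so a source that keeps retrying
    # stays blocked until it goes quiet for the whole window.
    echo "iptables -A INPUT -p tcp --dport $port -m state --state NEW" \
         "-m recent --name ratelimit --update --seconds $seconds" \
         "--hitcount $hitcount -j DROP"
}

# rate_fits_recent CONNS SECONDS
# Returns 0 when CONNS per SECONDS can be expressed directly as a hitcount
# (i.e. CONNS <= 20); e.g. 300 connections per 10 seconds cannot.
rate_fits_recent() {
    [ "$1" -le "$RECENT_HITCOUNT_MAX" ]
}
```

Run as a script, `recent_rules 80 10 20` prints a rule pair a practitioner can review before applying, while `recent_rules 80 10 300` fails, matching the 300-per-10-seconds case the answer discusses.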