* [LARTC] limit number of TCP connections.
@ 2004-10-25  6:05 Cristiano Soares
  2004-10-25 10:52 ` Rio Martin.
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: Cristiano Soares @ 2004-10-25  6:05 UTC (permalink / raw)
  To: lartc

Hi all. I have a simple question. Is there a way to limit the number of TCP or UDP connections of a single HOST in my network?
For example:
    I have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and Bittorrent at the same time, and he also is infected by a virus that opens more than 500 TCP ports at the same time. So, I want to limit that host to be able to open no more than 30 TCP connections at once, so he wouldn't hurt the other users.

Thanks in advance,


Cristiano Soares


* Re: [LARTC] limit number of TCP connections.
  2004-10-25  6:05 [LARTC] limit number of TCP connections Cristiano Soares
@ 2004-10-25 10:52 ` Rio Martin.
  2004-10-25 15:12 ` George Alexandru Dragoi
  2004-10-26  5:39 ` Rio Martin.
  2 siblings, 0 replies; 4+ messages in thread
From: Rio Martin. @ 2004-10-25 10:52 UTC (permalink / raw)
  To: lartc

On 25 October 2004 am 06:05, Cristiano Soares wrote:
> Hi all. I have a simple question. Is there a way to limit the number of TCP
> or UDP connections of a single HOST in my network? For example:
>     I have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and
> Bittorrent at the same time, and he also is infected by a virus that opens
> more than 500 TCP ports at the same time. So, I want to limit that host to
> be able to open no more than 30 TCP connections at once, so he wouldn't hurt
> the other users.
> Thanks in advance,
> Cristiano Soares


Try connlimit patches from Iptables POM
www.netfilter.org

- Rio.Martin -
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/


* Re: [LARTC] limit number of TCP connections.
  2004-10-25  6:05 [LARTC] limit number of TCP connections Cristiano Soares
  2004-10-25 10:52 ` Rio Martin.
@ 2004-10-25 15:12 ` George Alexandru Dragoi
  2004-10-26  5:39 ` Rio Martin.
  2 siblings, 0 replies; 4+ messages in thread
From: George Alexandru Dragoi @ 2004-10-25 15:12 UTC (permalink / raw)
  To: lartc

iptables -I FORWARD -s 192.168.1.202 -p tcp --syn -m state --state NEW \
  -m limit --limit 50/s --limit-burst 100 -j ACCEPT
iptables -I FORWARD 2 -s 192.168.1.202 -p tcp --syn -m state --state NEW -j DROP

with udps things are a bit similar, except you don't need the --syn

On Mon, 25 Oct 2004 17:45:14 +0000, Rio Martin. <rio@martin.mu> wrote:
> On 25 October 2004 am 06:05, Cristiano Soares wrote:
> 
> 
> > Hi all. I have a simple question. Is there a way to limit the number of TCP
> > or UDP connections of a single HOST in my network? For example:
> >     I have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and
> > Bittorrent at the same time, and he also is infected by a virus that opens
> > more than 500 TCP ports at the same time. So, I want to limit that host to
> > be able to open no more than 30 TCP connections at once, so he wouldn't hurt
> > the other users.
> > Thanks in advance,
> > Cristiano Soares
> 
> 
> Try connlimit patches from Iptables POM
> www.netfilter.org
> 
> - Rio.Martin -
> 


-- 
Bla bla
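
Added example (not part of the original thread): a simplified Python model of the two suggestions above, run on constructed traffic. The `limit` rules act as a token bucket on new connections per second, while connlimit caps connections open at once; the function names, the 2 ms SYN spacing and the 60 s connection lifetime are assumptions made for the illustration.

```python
# Added illustration: constructed traffic, simplified models of the two matches.
import heapq

def limit_match(times_ms, rate_per_s=50, burst=100):
    """Token bucket modelled on `-m limit --limit 50/s --limit-burst 100`.
    Credit is kept in 1/1000 token so the arithmetic stays integral."""
    cap = credit = burst * 1000
    last, accepted = 0, []
    for t in times_ms:
        credit = min(cap, credit + (t - last) * rate_per_s)  # refill
        last = t
        if credit >= 1000:       # a whole token is available: ACCEPT rule matches
            credit -= 1000
            accepted.append(t)   # otherwise the SYN falls through to the DROP rule
    return accepted

def connlimit_match(times_ms, lifetime_ms, cap=30):
    """Concurrency cap: accept a SYN only while fewer than `cap` connections are open."""
    closing, accepted = [], []   # min-heap of close times of open connections
    for t in times_ms:
        while closing and closing[0] <= t:
            heapq.heappop(closing)           # connection has ended
        if len(closing) < cap:
            heapq.heappush(closing, t + lifetime_ms)
            accepted.append(t)
    return accepted

def peak_concurrent(accepted, lifetime_ms):
    """Highest number of accepted connections open at the same moment."""
    events = sorted([(t, 1) for t in accepted] +
                    [(t + lifetime_ms, -1) for t in accepted])
    peak = cur = 0
    for _, delta in events:
        cur += delta
        peak = max(peak, cur)
    return peak

# Constructed scenario: 500 SYNs, one every 2 ms, each connection open for 60 s.
BURST = list(range(0, 1000, 2))
LIFETIME = 60_000

if __name__ == "__main__":
    for name, acc in (("limit 50/s burst 100", limit_match(BURST)),
                      ("connlimit cap 30", connlimit_match(BURST, LIFETIME))):
        print(f"{name}: accepted={len(acc)} peak_open={peak_concurrent(acc, LIFETIME)}")
```

In this model the rate limit lets 149 of the 500 connections through and all of them stay open together, while the concurrency cap never lets more than 30 be open at once.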


* Re: [LARTC] limit number of TCP connections.
  2004-10-25  6:05 [LARTC] limit number of TCP connections Cristiano Soares
  2004-10-25 10:52 ` Rio Martin.
  2004-10-25 15:12 ` George Alexandru Dragoi
@ 2004-10-26  5:39 ` Rio Martin.
  2 siblings, 0 replies; 4+ messages in thread
From: Rio Martin. @ 2004-10-26  5:39 UTC (permalink / raw)
  To: lartc

Hello George,
Thanks for adding some more info related to this question.

- Rio.Martin -


On Monday 25 October 2004 15:12, George Alexandru Dragoi wrote:
> iptables -I FORWARD -s 192.168.1.202 -p tcp --syn -m state --state NEW \
>   -m limit --limit 50/s --limit-burst 100 -j ACCEPT
> iptables -I FORWARD 2 -s 192.168.1.202 -p tcp --syn -m state --state NEW -j DROP
>
> with udps things are a bit similar, except you don't need the --syn
>
> On Mon, 25 Oct 2004 17:45:14 +0000, Rio Martin. <rio@martin.mu> wrote:
> > On 25 October 2004 am 06:05, Cristiano Soares wrote:
> > > Hi all. I have a simple question. Is there a way to limit the number of
> > > TCP or UDP connections of a single HOST in my network? For example: I
> > > have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and
> > > Bittorrent at the same time, and he also is infected by a virus that
> > > opens more than 500 TCP ports at the same time. So, I want to limit
> > > that host to be able to open no more than 30 TCP connections at once,
> > > so he wouldn't hurt the other users.
> > > Thanks in advance,
> > > Cristiano Soares
> >
> > Try connlimit patches from Iptables POM
> > www.netfilter.org
> >
> > - Rio.Martin -
