From mboxrd@z Thu Jan 1 00:00:00 1970
From: George Alexandru Dragoi
Date: Mon, 25 Oct 2004 15:12:47 +0000
Subject: Re: [LARTC] limit number of TCP connections.
Message-Id: <3063e5041025081257f6152f@mail.gmail.com>
List-Id:
References: <000f01c4ba58$a7df3c90$5c9cfea9@stillnicks>
In-Reply-To: <000f01c4ba58$a7df3c90$5c9cfea9@stillnicks>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

iptables -I FORWARD -s 192.168.1.202 -p tcp --syn -m state --state NEW -m limit --limit 50/s --limit-burst 100 -j ACCEPT
iptables -I FORWARD 2 -s 192.168.1.202 -p tcp --syn -m state --state NEW -j DROP

With UDP things are a bit similar, except you don't need the --syn.

On Mon, 25 Oct 2004 17:45:14 +0000, Rio Martin. wrote:
> On 25 October 2004 am 06:05, Cristiano Soares wrote:
> >
> > Hi all. I have a simple question. Is there a way to limit the number of TCP
> > or UDP connections of a single HOST in my network? For example:
> > I have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and
> > Bittorrent at the same time, and he also is infected by a virus that opens
> > more than 500 TCP ports at the same time. So, I want to limit that host to
> > be able to open no more than 30 TCP connections at once, so he wouldn't hurt
> > the other users.
> > Thanks in advance,
> > Cristiano Soares
> >
> Try connlimit patches from Iptables POM
> www.netfilter.org
>
> - Rio.Martin -
> _______________________________________________
> LARTC mailing list / LARTC@mailman.ds9a.nl
> http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
>

--
Bla bla
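The thread offers two different answers to Cristiano's question: George's rules bound the rate of new SYNs from the host (50 per second, burst 100), while Rio's connlimit suggestion caps the number of connections open at once, which is what "no more than 30 TCP connections at once" actually asks for. The script below is an added example, not code from George, Rio or the LARTC list. build_rules prints either ruleset for a host (it does not apply them, so it needs no root); over_limit reads /proc/net/ip_conntrack-style lines and reports the source addresses holding more than a given number of TCP entries, so you can see who needs the cap before adding it and check that it holds afterwards. The conntrack sample is constructed for the example; the host address, the 10.0.0.x peers and the ports are made up. connlimit was a patch-o-matic extension in 2004 and is part of stock iptables today.

```shell
#!/bin/sh
# Added example for the LARTC thread above; not code posted by anyone in it.
#
# build_rules HOST MAX [rate|connlimit]
#   rate      - George's pair: accept new SYNs from HOST at MAX/s with a burst
#               of 2*MAX, drop anything faster. Bounds the connection *rate*,
#               not how many connections are open at the same time.
#   connlimit - refuse the (MAX+1)th concurrent TCP connection from HOST
#               (Rio's suggestion; -m connlimit is in mainline iptables today).
# Rules are printed, not applied; pipe the output to sh as root to apply.
build_rules() {
    host=$1; max=$2; mode=${3:-connlimit}
    case $mode in
    rate)
        echo "iptables -I FORWARD -s $host -p tcp --syn -m state --state NEW -m limit --limit ${max}/s --limit-burst $((max * 2)) -j ACCEPT"
        echo "iptables -I FORWARD 2 -s $host -p tcp --syn -m state --state NEW -j DROP"
        ;;
    connlimit)
        # --connlimit-mask 32 counts per single address (the default), not per subnet.
        echo "iptables -I FORWARD -s $host -p tcp --syn -m connlimit --connlimit-above $max --connlimit-mask 32 -j REJECT --reject-with tcp-reset"
        ;;
    *)
        echo "unknown mode: $mode" >&2
        return 1
        ;;
    esac
}

# over_limit MAX
#   Read /proc/net/ip_conntrack (or `conntrack -L`) lines on stdin and print
#   "addr count" for every original-direction source with more than MAX TCP
#   entries. The first src= on a line is the side that opened the connection;
#   the second src= is the reply direction and is ignored. UDP lines are skipped.
over_limit() {
    awk -v max="$1" '
        $1 == "tcp" {
            for (i = 1; i <= NF; i++)
                if ($i ~ /^src=/) { sub(/^src=/, "", $i); n[$i]++; break }
        }
        END { for (h in n) if (n[h] > max) print h, n[h] }
    ' | LC_ALL=C sort
}

# Constructed sample in the /proc/net/ip_conntrack layout (not a real capture):
# 192.168.1.202 holds four TCP entries and one UDP entry, 192.168.1.10 holds one.
SAMPLE='tcp      6 431999 ESTABLISHED src=192.168.1.202 dst=10.0.0.1 sport=40001 dport=4662 src=10.0.0.1 dst=192.168.1.202 sport=4662 dport=40001 [ASSURED] use=1
tcp      6 431999 ESTABLISHED src=192.168.1.202 dst=10.0.0.2 sport=40002 dport=1214 src=10.0.0.2 dst=192.168.1.202 sport=1214 dport=40002 [ASSURED] use=1
tcp      6 117 SYN_SENT src=192.168.1.202 dst=10.0.0.3 sport=40003 dport=6881 [UNREPLIED] src=10.0.0.3 dst=192.168.1.202 sport=6881 dport=40003 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.202 dst=10.0.0.4 sport=40004 dport=80 src=10.0.0.4 dst=192.168.1.202 sport=80 dport=40004 [ASSURED] use=1
udp     17 29 src=192.168.1.202 dst=10.0.0.5 sport=40005 dport=53 src=10.0.0.5 dst=192.168.1.202 sport=53 dport=40005 use=1
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=10.0.0.1 sport=50001 dport=80 src=10.0.0.1 dst=192.168.1.10 sport=80 dport=50001 [ASSURED] use=1'

# Who is over a cap of 2 right now? (on a live box: over_limit 30 < /proc/net/ip_conntrack)
printf '%s\n' "$SAMPLE" | over_limit 2

# The rules that would enforce the 30-connection cap from the original question,
# and George's rate-limit pair for comparison.
build_rules 192.168.1.202 30 connlimit
build_rules 192.168.1.202 50 rate
```

On the box itself, replace the sample with `over_limit 30 < /proc/net/ip_conntrack`; if the host sits at exactly 30 after the connlimit rule is in place and the rate-limit pair has no effect on that number, the two approaches are behaving as described above.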