From: Grant Taylor <gtaylor@riverviewtech.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Session Limiting per host
Date: Thu, 21 Dec 2006 00:03:35 +0000
Message-ID: <4589CF57.6040808@riverviewtech.net>
In-Reply-To: <6.2.5.6.0.20061220163351.01e43cb0@dueck.bz>

Mark Dueck wrote:
> My situation is this: I have 2 direcway (Hughes now) satellites that I'm
> sharing out to some clients. I only get about 50 sessions per sat, so
> if any one of my clients has limewire or emule open with its default
> sessions set to 300, no one can browse, or it's extremely sluggish.
>
> I had a Hotbrick doing the dual wan, and it had session limiting per IP
> address. Now the hotbrick failed on me, and I need something else to
> limit the sessions. Just a simple limit of say 15 sessions per IP, or
> 15 new sessions / second per IP.

Take a look at the connlimit match extension.

   connlimit
       Allows you to restrict the number of parallel TCP connections to a
       server per client IP address (or address block).

       [!] --connlimit-above n
              match if the number of existing tcp connections is (not) above n

       --connlimit-mask bits
              group hosts using mask

       Examples:

       # allow 2 telnet connections per client host
       iptables -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 \
           -j REJECT

       # you can also match the other way around:
       iptables -p tcp --syn --dport 23 -m connlimit ! --connlimit-above 2 \
           -j ACCEPT

       # limit the nr of parallel http requests to 16 per class C sized network
       # (24 bit netmask)
       iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 \
           --connlimit-mask 24 -j REJECT

Grant. . . .
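
An added example, not part of the original message: the man page examples above protect a server port, while the question is about a gateway forwarding for clients, so this sketch prints connlimit rules for the FORWARD chain with the 15-session figure from the question. The interface name eth1, the chain name SESSLIMIT and the log prefix are assumptions; as the quoted text says, connlimit counts TCP connections only, so UDP traffic is not capped by these rules.

```shell
#!/bin/sh
# Added example, not from the original message. Prints the iptables commands
# for a per-client session cap on a forwarding gateway; it applies nothing.
# Assumed names: LAN interface eth1, user chain SESSLIMIT, log prefix.

# connlimit_rules LIMIT [MASK_BITS] [LAN_IF]
connlimit_rules() {
    limit=$1
    mask=${2:-32}
    lan_if=${3:-eth1}

    # Accept only plain decimal numbers in a sane range.
    case $limit in ''|*[!0-9]*) echo "limit must be a number" >&2; return 2 ;; esac
    case $mask in ''|*[!0-9]*) echo "mask must be a number" >&2; return 2 ;; esac
    [ "$limit" -ge 1 ] || { echo "limit must be >= 1" >&2; return 2; }
    [ "$mask" -le 32 ] || { echo "mask must be 0-32" >&2; return 2; }
    # The interface name ends up in a command line: keep it to safe characters.
    case $lan_if in ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;; esac

    # Dedicated chain: log (rate-limited) which client hit the cap, then reject.
    echo "iptables -N SESSLIMIT"
    echo "iptables -A SESSLIMIT -m limit --limit 6/min -j LOG --log-prefix 'connlimit: '"
    # tcp-reset is only valid on a rule that matches TCP, hence -p tcp here.
    echo "iptables -A SESSLIMIT -p tcp -j REJECT --reject-with tcp-reset"

    # FORWARD sees the client's own address (SNAT happens later, in
    # POSTROUTING), so the count is per LAN host. Only new connections (SYN)
    # are tested; sessions that are already open keep flowing.
    echo "iptables -A FORWARD -i $lan_if -p tcp --syn -m connlimit" \
         "--connlimit-above $limit --connlimit-mask $mask -j SESSLIMIT"
}

# 15 parallel TCP sessions per client IP, the figure from the question.
connlimit_rules 15 32 eth1
```

Review the printed commands, then run them as root on the gateway (for example by piping the output to sh).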