* max number of connection
From: Carlos Eduardo R. L. de Miranda @ 2007-01-08 13:19 UTC (permalink / raw)
To: netfilter
Hello all,
Is it possible to limit the number of concurrent connections (input/output -
tcp/udp) each IP (node) can have at any given time?
Thank you,
Carlos
* Re: max number of connection
From: Jan Engelhardt @ 2007-01-08 20:43 UTC (permalink / raw)
To: Carlos Eduardo R. L. de Miranda; +Cc: netfilter
>Hello all,
>
>Is it possible to limit the number of concurrent connections (input/output -
>tcp/udp) each IP (node) can have at any given time?
-m connlimit
-`J'
--
* Re: max number of connection
From: Grant Taylor @ 2007-01-09 3:02 UTC (permalink / raw)
To: Mail List - Netfilter
On 01/08/07 14:43, Jan Engelhardt wrote:
> -m connlimit
Not to be a stickler, but does connlimit have a way to control the total
number of combined in AND out bound connections a host has? I.e. if you
were to run this on a gateway where you wanted to limit a computer
behind it to a grand total of 10 connections? Wouldn't connlimit
usually be applied in such a way as to watch traffic in one direction
and another rule to watch the traffic in the other direction? I.e. 10
outbound connections in addition to 3 inbound connections thus totaling
13 connections? Or does connlimit take care of this internally?
I think an answer that I have seen to this in the past has used bridging
where you would watch for packets entering the bridge and leaving the
bridge at the same time. This way, one rule would catch all inbound AND
outbound traffic.
Thoughts / comments / opinions / suggestions are welcomed.
Grant. . . .
* Re: max number of connection
From: Jan Engelhardt @ 2007-01-09 15:01 UTC (permalink / raw)
To: Grant Taylor; +Cc: Mail List - Netfilter
>> -m connlimit
>
> Not to be a stickler, but does connlimit have a way to control the
> total number of combined in AND out bound connections a host has?
That does not exist yet AFAICS. You would have to combine hashlimit with
connlimit, creating a new kernel module, somehow...
--
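The combined inbound-plus-outbound count per host that Grant asks about can be measured from the connection tracking table, even where no single rule enforces it. The script below is an added example, not code from any poster in this thread: the function names, the `192.168.1.` LAN prefix, the limit of 3 and the sample entries are all constructed assumptions, and the input format is that of `/proc/net/nf_conntrack`. It reports totals only and does not drop anything.

```shell
#!/bin/sh
# Added example: per-host combined (inbound + outbound) connection counts
# read from conntrack-style entries. Names and values are hypothetical.

# count_conns PREFIX LIMIT   (entries on stdin)
# Prints "host out=N in=N total=N status" for each host whose address
# starts with PREFIX; status is OVER when total exceeds LIMIT.
count_conns() {
    awk -v prefix="$1" -v limit="$2" '
    {
        n = 0
        # Each entry carries two tuples: original direction, then reply.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { n++; s[n] = substr($i, 5) }
        if (n < 2) next                     # malformed entry, skip it
        orig = s[1]; reply = s[2]
        # Initiator is the original src. Responder is the reply src,
        # which is the real endpoint even if DNAT rewrote the original dst.
        if (index(orig, prefix) == 1)  { out[orig]++;  seen[orig] = 1 }
        if (index(reply, prefix) == 1) { inb[reply]++; seen[reply] = 1 }
    }
    END {
        for (h in seen) {
            t = out[h] + inb[h]
            printf "%s out=%d in=%d total=%d %s\n", h, out[h], inb[h], t,
                   (t > limit ? "OVER" : "ok")
        }
    }' | sort
}

# Constructed sample entries (not captured from a real system):
# three outbound flows and one DNATed inbound flow for .10, one flow for .20.
sample_conntrack() {
    cat <<'EOF'
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40001 dport=80 src=198.51.100.7 dst=203.0.113.1 sport=80 dport=40001 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=198.51.100.7 sport=40002 dport=443 src=198.51.100.7 dst=203.0.113.1 sport=443 dport=40002 [ASSURED] mark=0 use=2
ipv4     2 udp      17 25 src=192.168.1.10 dst=198.51.100.53 sport=53001 dport=53 src=198.51.100.53 dst=203.0.113.1 sport=53 dport=53001 mark=0 use=2
ipv4     2 tcp      6 431000 ESTABLISHED src=198.51.100.9 dst=203.0.113.1 sport=50000 dport=22 src=192.168.1.10 dst=198.51.100.9 sport=22 dport=50000 [ASSURED] mark=0 use=2
ipv4     2 tcp      6 430000 ESTABLISHED src=192.168.1.20 dst=198.51.100.7 sport=41000 dport=80 src=198.51.100.7 dst=203.0.113.1 sport=80 dport=41000 [ASSURED] mark=0 use=2
EOF
}

sample_conntrack | count_conns 192.168.1. 3
```

On a live gateway the same function can read `/proc/net/nf_conntrack` on stdin in place of the sample.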