Discussion:
limit number of TCP connections.
Cristiano Soares
2004-10-25 06:05:40 UTC
Hi all. I have a simple question. Is there a way to limit the number of TCP or UDP connections of a single HOST in my network?
For example:
I have a host with IP 192.168.1.202 and he is using edonkey, Kazaa, and Bittorrent at the same time, and he also is infected by a virus that opens more than 500 TCP ports at the same time. So, I want to limit that host to be able to open no more than 30 TCP connections at once, so he wouldn't hurt the other users.

Thanks in advance,


Cristiano Soares
Rio Martin.
2004-10-25 17:45:14 UTC
Try the connlimit patches from the iptables POM:
www.netfilter.org

- Rio.Martin -
_______________________________________________
LARTC mailing list / ***@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
George Alexandru Dragoi
2004-10-25 15:12:47 UTC
# Rule 1: accept new TCP connections from the host up to 50/s (burst 100)
iptables -I FORWARD -s 192.168.1.202 -p tcp --syn -m state --state NEW \
  -m limit --limit 50/s --limit-burst 100 -j ACCEPT
# Rule 2 (inserted right after rule 1): drop whatever exceeds that rate
iptables -I FORWARD 2 -s 192.168.1.202 -p tcp --syn -m state --state NEW -j DROP

With UDP things are a bit similar, except you don't need the --syn.
--
Bla bla
Rio Martin.
2004-10-26 12:01:08 UTC
Hello George,
Thanks for adding some more info related to this question.

- Rio.Martin -