The connlimit module

Limiting the number of connections to a service per host

iptables -A INPUT -p tcp --dport 21 -m connlimit --connlimit-above 1 -j DROP

Limits each host connected to the network to two simultaneous connections on port 80

nmap -sP 192.168.0.0/24 | egrep -o '([0-9]{1,3}\.){3}[0-9]{1,3}' | sort -n -t . -k 4 | xargs -I% iptables -A INPUT -s % -p tcp --dport 80 -m connlimit --connlimit-above 2 -j DROP
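The following script is an added example, not part of the original post. It reproduces the per-host rule generation above but reads from a constructed host list instead of a live nmap scan, so it can be run and checked without network access or root; the `SAMPLE_HOSTS` list, the `DRY_RUN` switch and the function names are assumptions of this example. Two points a practitioner should keep in mind: the `-m connlimit` match counts per source address by default (`--connlimit-mask 32` for IPv4), so one rule without `-s` already limits every client independently, and `--connlimit-above N` drops the connections beyond N, so `--connlimit-above 2` allows at most two.

```shell
#!/bin/sh
# Added example (not from the original post): build the per-host connlimit
# rules from a fixed host list and either print them (DRY_RUN=1, the default)
# or apply them with iptables.

# Constructed sample host list, standing in for the nmap output in the post.
SAMPLE_HOSTS="192.168.0.10
192.168.0.2
192.168.0.25"

# Print the rule that limits one source host to MAX simultaneous TCP
# connections on PORT; argument order matches the post's command.
connlimit_rule() {
    host=$1; port=$2; max=$3
    printf 'iptables -A INPUT -s %s -p tcp --dport %s -m connlimit --connlimit-above %s -j DROP\n' \
        "$host" "$port" "$max"
}

# One rule per host, sorted by the last octet as the post's pipeline does.
build_rules() {
    port=$1; max=$2
    printf '%s\n' "$SAMPLE_HOSTS" | sort -n -t . -k 4 | while read -r host; do
        [ -n "$host" ] && connlimit_rule "$host" "$port" "$max"
    done
}

# Equivalent single rule: connlimit already counts per source IP
# (default --connlimit-mask 32), so no -s is needed to get the same effect.
single_rule() {
    port=$1; max=$2
    printf 'iptables -A INPUT -p tcp --dport %s -m connlimit --connlimit-above %s -j DROP\n' \
        "$port" "$max"
}

# Number of rules the per-host approach produces for PORT/MAX.
rule_count() {
    build_rules "$1" "$2" | wc -l | tr -d ' '
}

# Print or apply the rules. After applying, verify with:
#   iptables -S INPUT | grep connlimit
#   iptables -L INPUT -n -v   (packet/byte counters show drops per rule)
apply_rules() {
    port=$1; max=$2
    if [ "${DRY_RUN:-1}" = "1" ]; then
        build_rules "$port" "$max"
    else
        build_rules "$port" "$max" | sh
    fi
}

# Stand-alone run: print the rules for port 80, two connections per host.
apply_rules 80 2
```

Run it as-is to see the generated rules; set `DRY_RUN=0` and run as root to apply them. Rules are appended with `-A`, so any earlier ACCEPT rule for the same port in INPUT will match first; insert with `-I INPUT` when the limit must take precedence.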