=== Limiting the number of connections from any one IP address ===

Thanks to Jennifer Spencer for referring me to the page :

https://access.redhat.com/solutions/396273

which essentially answers this question.

Sometimes a client will try very parallel downloads of SDO data, which can be problematic. As a result
it can be useful to limit the number of connections from any one IP. To do this, edit the file :

{{{
 /etc/sysconfig/iptables
}}}

And add something like this :

{{{
 # Limit to 5 per IP on port 80
 -A RH-Firewall-1-INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 5 -j DROP
}}}

That limits the number of simultaneous connections from any one IP to 5.

Then restart iptables :

{{{
 # service iptables restart
}}}

Here is an example of that file :

{{{
# cat /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [378096909:36912540108]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
.
.
.
.
# Limit to 5 per IP on port 80
-A RH-Firewall-1-INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 5 -j DROP
.
.
.
.
COMMIT
}}}