Version 2 (modified by niles, 2 years ago)
Limiting the number of connections from any one IP address
Thanks to Jennifer Spencer for referring me to the page
https://access.redhat.com/solutions/396273
which essentially answers this question.
Sometimes a client will attempt highly parallel downloads of SDO data, which can be problematic. As a result it can be useful to limit the number of simultaneous connections from any one IP address. To do this, edit the file:
/etc/sysconfig/iptables
and add something like this:
# Limit to 5 per IP on port 80
-A RH-Firewall-1-INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 5 -j DROP
That limits the number of simultaneous connections from any one IP to 5. Because the rule matches only SYN packets, connections that already exist are not affected; only new connection attempts from an address that already has 5 open connections are dropped.
Then restart iptables:
# service iptables restart
Here is an example of that file:
# cat /etc/sysconfig/iptables
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [378096909:36912540108]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A FORWARD -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
. . . .
# Limit to 5 per IP on port 80
-A RH-Firewall-1-INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 5 -j DROP
. . . .
COMMIT
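As an added example (not part of the original page), here is a small shell helper that applies the same per-IP threshold to a constructed sample of `ss -tn` output, so you can see which client addresses are already above the limit the connlimit rule enforces before (or after) deploying it. The sample addresses, the `over_limit` and `check_sample` names, and the limit of 5 on port 80 are all assumptions made for this example.

```shell
#!/bin/sh
# Constructed sample of `ss -tn` output (not real data).
# Columns: State Recv-Q Send-Q Local:Port Peer:Port
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB  0      0      192.0.2.10:80       198.51.100.7:51234
ESTAB  0      0      192.0.2.10:80       198.51.100.7:51235
ESTAB  0      0      192.0.2.10:80       198.51.100.7:51236
ESTAB  0      0      192.0.2.10:80       198.51.100.7:51237
ESTAB  0      0      192.0.2.10:80       198.51.100.7:51238
ESTAB  0      0      192.0.2.10:80       198.51.100.7:51239
ESTAB  0      0      192.0.2.10:80       203.0.113.5:40001
ESTAB  0      0      192.0.2.10:443      203.0.113.9:40002
ESTAB  0      0      192.0.2.10:80       203.0.113.9:40003'

# over_limit LIMIT PORT  (reads ss output on stdin)
# Prints "count ip" for every peer address with more than LIMIT
# established connections to the local PORT, i.e. the clients whose
# next SYN the connlimit rule would drop. Output is sorted by count.
over_limit() {
    limit=$1
    port=$2
    awk -v limit="$limit" -v port="$port" '
        # Only count established sockets on the requested local port.
        $1 == "ESTAB" && $4 ~ (":" port "$") {
            sub(/:[0-9]+$/, "", $5)   # drop ":port" from the peer address
            count[$5]++
        }
        END {
            for (ip in count)
                if (count[ip] > limit)
                    print count[ip], ip
        }' | sort -rn
}

# Runs the check on the constructed sample with the limit from the page.
check_sample() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | over_limit 5 80
}

check_sample
```

connlimit counts entries in the conntrack table per source address, so this view from `ss` is an approximation of what the rule will see, not the same counter.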