Hi,
Check out the iplimit patch in netfilter CVS.

$ Author: Gerd Knorr <[EMAIL PROTECTED]>
$ Status: ItWorksForMe[tm]
$
$ This adds the CONFIG_IP_NF_MATCH_IPLIMIT match, which allows you to restrict the
$ number of parallel TCP connections to a server per client IP address
$ (or address block).
$
$ Examples:
$
$ # allow 2 telnet connections per client host
$ iptables -p tcp --syn --dport 23 -m iplimit --iplimit-above 2 -j REJECT
$
$ # you can also match the other way around:
$ iptables -p tcp --syn --dport 23 -m iplimit ! --iplimit-above 2 -j ACCEPT
$
$ # limit the number of parallel http requests to 16 per class C sized
$ # network (24 bit netmask)
$ iptables -p tcp --syn --dport 80 -m iplimit --iplimit-above 16 \
$     --iplimit-mask 24 -j REJECT

cheers,
Lennert

On Mon, Oct 29, 2001 at 08:58:56PM -0200, Carlos T. Latsch Cherem wrote:
> Hi,
>
> I have a question:
>
> Is it possible to limit the number of TCP connections through the bridge?
> E.g.:
>
> iptables -A FORWARD -p tcp -s xxx.xxx.xxx.xxx -m state --state ESTABLISHED \
>     -m limit --limit 2 -j ACCEPT
> iptables -A FORWARD -p tcp -s xxx.xxx.xxx.xxx -m state --state ESTABLISHED \
>     -j DROP
>
> Best regards,
>
> Carlos Cherem
> [EMAIL PROTECTED]
>
_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
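The difference between the two approaches in this thread is worth seeing in code: `-m limit` in the quoted question is a token-bucket packet-rate limiter (it says nothing about how many connections are open), whereas the iplimit match (today's `-m connlimit`) counts the concurrent connections from one source address or address block and fires when a new SYN would exceed the limit. The model below, added here and not code from the thread or from the netfilter patch, replays a constructed trace of SYN/FIN events through a `--iplimit-above 2 --iplimit-mask 24 -j REJECT` rule and through the inverted `! --iplimit-above 2 -j ACCEPT` form. The class and function names, the event format, and every address and port in it are assumptions for illustration; the real match walks the conntrack table rather than an in-process set.

```python
"""Model of what the netfilter iplimit match does: count a client's concurrent
TCP connections, per source address or per address block, and fire when a new
SYN would push that count above the configured limit.

Added illustration only; this is not the kernel module's code. Class and
function names, the event format and all addresses below are assumptions."""
import ipaddress
from collections import defaultdict


def mask_addr(addr: str, prefix_len: int) -> str:
    """--iplimit-mask: reduce a source address to its network part, so that
    --iplimit-mask 24 makes every host in a class C sized block share a counter."""
    net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
    return str(net.network_address)


class IpLimitMatch:
    """One `-m iplimit [!] --iplimit-above N --iplimit-mask M` match.

    The real match walks the conntrack table; here the set of open
    connections is kept in-process and updated by the caller."""

    def __init__(self, above: int, mask: int = 32, invert: bool = False):
        self.above = above
        self.mask = mask
        self.invert = invert
        # network key -> set of (src, sport) connections currently open
        self.open = defaultdict(set)

    def _key(self, src: str) -> str:
        return mask_addr(src, self.mask)

    def matches(self, src: str, sport: int) -> bool:
        """Evaluate the match for a new SYN. The connection being opened is
        counted together with the ones already open, so with --iplimit-above 2
        the third concurrent SYN from the same key is the first one to match.
        The `!` form inverts the result (true while count <= above)."""
        count = len(self.open[self._key(src)]) + 1
        return (count > self.above) != self.invert

    def connection_opened(self, src: str, sport: int) -> None:
        self.open[self._key(src)].add((src, sport))

    def connection_closed(self, src: str, sport: int) -> None:
        # Assumption: a FIN frees the slot at once. Real conntrack keeps a
        # closing connection around for a while (TIME_WAIT etc.), so the
        # live count lags behind what the client sees.
        self.open[self._key(src)].discard((src, sport))


def run_reject_rule(rule: IpLimitMatch, events):
    """Apply `-p tcp --syn -m iplimit ... -j REJECT` to a list of
    ("SYN"|"FIN", src, sport) events. Returns one verdict per SYN."""
    verdicts = []
    for kind, src, sport in events:
        if kind == "SYN":
            if rule.matches(src, sport):
                verdicts.append((src, sport, "REJECT"))
            else:
                rule.connection_opened(src, sport)
                verdicts.append((src, sport, "ACCEPT"))
        elif kind == "FIN":
            rule.connection_closed(src, sport)
        else:
            raise ValueError(f"unknown event {kind!r}")
    return verdicts


# Constructed event trace: three hosts in 10.0.1.0/24 and one host elsewhere.
SAMPLE_EVENTS = [
    ("SYN", "10.0.1.10", 40001),
    ("SYN", "10.0.1.11", 40002),
    ("SYN", "10.0.1.12", 40003),  # third open connection in the /24
    ("SYN", "10.0.2.5", 40004),   # different /24, has its own counter
    ("FIN", "10.0.1.10", 40001),  # frees a slot in 10.0.1.0/24
    ("SYN", "10.0.1.12", 40005),  # fits again
]


def demo_per_network_limit():
    """--iplimit-above 2 --iplimit-mask 24 -j REJECT over SAMPLE_EVENTS."""
    rule = IpLimitMatch(above=2, mask=24)
    return run_reject_rule(rule, SAMPLE_EVENTS)


def demo_inverted_per_host():
    """`! --iplimit-above 2 -j ACCEPT`: the match is true while a single host
    has at most two connections open, i.e. for the first two SYNs only."""
    rule = IpLimitMatch(above=2, mask=32, invert=True)
    results = []
    for sport in (50001, 50002, 50003):
        hit = rule.matches("192.0.2.7", sport)
        results.append(hit)
        if hit:  # ACCEPT target: the connection goes through and is tracked
            rule.connection_opened("192.0.2.7", sport)
    return results


if __name__ == "__main__":
    for src, sport, verdict in demo_per_network_limit():
        print(f"{src}:{sport} -> {verdict}")
    print("inverted per-host:", demo_inverted_per_host())
```

Two things the trace makes visible: the limit is enforced on `--syn` packets only, so it gates new connections without touching established ones, and because the counter lives on the masked key, a single host in the /24 can consume the whole block's allowance, which is the intended trade-off of `--iplimit-mask`.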
