On Sat, 7 Jun 2003 15:10:55 -0300 (BRT), Alvaro Reguly <[EMAIL PROTECTED]> wrote:


Hello, I want to limit the maximum number of simultaneous TCP connections per IP number, say I don't want people flashgeting stuff from my webserver with 50 threads or something.

I am using a per minute limit, but as a matter of fact, I would like
to limit people from downloading stuff at all times, not just that 60/minute
interval.

How do I do that? These lines are ok? Won't they limit simultaneous
connections from all IPs at the same time? Did I make myself clear? :)

$IPT -A INPUT -p tcp --dport 80 -m state --state NEW -m limit --limit 60/minute --limit-burst 6 -j ACCEPT
$IPT -A INPUT -p tcp -j REJECT --reject-with tcp-reset


Thanks


Yes, they are limiting everyone.
There is a patch in patch-o-matic (netfilter sources) that does exactly what you are needing.


Good Luck,
Koba
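
Added example (not from either poster, and not netfilter code): a simplified Python model of why the single limit bucket in the rules above throttles all clients together, set beside a per-source cap on simultaneous connections. The class names, the cap of 4 and the two documentation-range addresses are assumptions made for the illustration.

```python
from collections import defaultdict

class GlobalLimit:
    """Simplified model of '-m limit --limit 60/minute --limit-burst 6':
    ONE token bucket for the whole rule, shared by every source IP."""
    def __init__(self, per_minute=60, burst=6):
        self.rate = per_minute / 60.0   # tokens refilled per second
        self.burst = burst
        self.tokens = float(burst)      # bucket starts full
        self.last = 0.0

    def accept(self, src, now):
        # src is deliberately ignored: the bucket keeps no per-source state
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False                    # falls through to the REJECT rule

class PerSourceCap:
    """Cap on simultaneous connections per source IP (what the poster asks for)."""
    def __init__(self, max_conns=4):    # 4 is an assumed threshold
        self.max_conns = max_conns
        self.open = defaultdict(int)

    def accept(self, src, now):
        if self.open[src] >= self.max_conns:
            return False
        self.open[src] += 1
        return True

    def close(self, src):
        self.open[src] = max(0, self.open[src] - 1)

def run(policy, events):
    """Feed (time, src) NEW-connection events; return accepted count per source."""
    accepted = defaultdict(int)
    for now, src in sorted(events):
        if policy.accept(src, now):
            accepted[src] += 1
    return dict(accepted)

# Constructed traffic: one client opens 50 connections at once, a second
# client opens a single connection half a second later.
EVENTS = [(0.0, "192.0.2.10")] * 50 + [(0.5, "198.51.100.7")]

if __name__ == "__main__":
    print("shared limit:", run(GlobalLimit(), EVENTS))
    print("per-source  :", run(PerSourceCap(), EVENTS))
```

With the shared bucket the first client uses up the whole burst and the second client's only connection is reset; with the per-source cap the second client is unaffected. Mainline iptables now provides a per-source connection cap as the connlimit match (--connlimit-above N).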



