As previously mentioned, iptables can do this. I suggest you look at the online doc at URL:
http://www.netfilter.org/documentation/HOWTO//netfilter-extensions-HOWTO-3.html#ss3.5

Which says:

3.5 iplimit patch

This patch by Gerd Knorr <[EMAIL PROTECTED]> adds a new match that will allow you to restrict the number of parallel TCP connections from a particular host or network.

For example, let's limit the number of parallel HTTP connections made by a single IP address to 4 :

# iptables -A INPUT -p tcp --syn --dport http -m iplimit --iplimit-above 4 -j REJECT

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN #conn/32 > 4 reject-with icmp-port-unreachable

Or you might want to limit the number of parallel connections made by a whole class A for example :

# iptables -A INPUT -p tcp --syn --dport http -m iplimit --iplimit-mask 8 --iplimit-above 4 -j REJECT

# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
REJECT     tcp  --  anywhere             anywhere           tcp dpt:http flags:SYN,RST,ACK/SYN #conn/8 > 4 reject-with icmp-port-unreachable

Supported options for the iplimit patch are :

[!] --iplimit-above n -> match if the number of existing tcp connections is (not) above n
--iplimit-mask n -> group hosts using mask

The iplimit module for iptables is shipped with SLES8 (you don't mention what your Linux is?)

All the Best
Mark Perry

> -----Original Message-----
> From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
> McKown, John
> Sent: Tuesday, February 22, 2005 10:38 PM
> To: [email protected]
> Subject: Limit number of IP (telnet, ssh, etc) sessions to a given IP?
>
> This just came up here in a different context. Is there some standard
> way in Linux to limit the number of "incoming" connections accepted from
> a single IP address.
>
> E.g. allow a desktop to telnet/ssh into a given Linux instance only
> once, or twice, or "n" times. If so, can this limit be applied per IP?
> per IP:port combination.
>
> I can't think of anything, but I'm not a real Linux or TCP/IP guru,
> either.
>
>
> --
> John McKown
> Senior Systems Programmer
> UICI Insurance Center
> Information Technology
>
> This message (including any attachments) contains confidential
> information intended for a specific individual and purpose, and its
> content is protected by law. If you are not the intended recipient, you
> should delete this message and are hereby notified that any disclosure,
> copying, or distribution of this transmission, or taking any action
> based on it, is strictly prohibited.
>
> ----------------------------------------------------------------------
> For LINUX-390 subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or
> visit
> http://www.marist.edu/htbin/wlvindex?LINUX-390
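
Added example, not part of the original message or the netfilter HOWTO: a small Python model of the match decision described above, showing how --iplimit-above and --iplimit-mask decide which new connections hit the REJECT rule. The function names and the event list are hypothetical; the model assumes the connection being opened is counted together with those already open, which is what makes "--iplimit-above 4" a limit of 4 as the HOWTO text says.

```python
import ipaddress

def group(src, mask):
    # --iplimit-mask n: hosts sharing the first n address bits are counted together
    return ipaddress.ip_network(f"{src}/{mask}", strict=False)

def rule_matches(tracked, src, above, mask=32):
    # Assumption: the new connection is counted along with the tracked ones,
    # so "--iplimit-above 4" lets four through and matches on the fifth.
    g = group(src, mask)
    conns = 1 + sum(1 for t in tracked if group(t, mask) == g)
    return conns > above

def replay(events, above, mask=32):
    """Feed ("open"|"close", source_ip) events through the rule; return the
    verdict for each "open" (a SYN to the protected port), in order."""
    tracked, verdicts = [], []
    for action, src in events:
        if action == "close":
            if src in tracked:
                tracked.remove(src)      # a finished session frees one slot
        elif rule_matches(tracked, src, above, mask):
            verdicts.append("REJECT")    # rule matched, -j REJECT fires
        else:
            tracked.append(src)          # falls through to policy ACCEPT
            verdicts.append("ACCEPT")
    return verdicts

# Constructed sample: one busy host, a neighbour in the same /8, one outsider.
EVENTS = (
    [("open", "10.1.1.1")] * 5
    + [("open", "10.2.2.2"),
       ("close", "10.1.1.1"),
       ("open", "10.1.1.1"),
       ("open", "192.168.0.9")]
)

if __name__ == "__main__":
    for mask in (32, 8):
        print(f"--iplimit-above 4 --iplimit-mask {mask}:", replay(EVENTS, 4, mask))
```

With mask 8 the connection from 10.2.2.2 is rejected even though that host has no sessions of its own, because it shares the quota with 10.1.1.1; the same sharing applies to every client behind one NAT address when the limit is per host.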
