On Friday 02 December 2005 10:03, Szabo Nandor wrote:
> What should I use limiting the maximum connection from one IP address (to
> protect SPAM and some worm)?
[...]
> - tcpserver limit patch
> http://linux.voyager.hr/ucspi-tcp/
> That's clean.

My experiences with this patch weren't that good when I tested it - but it's a while ago though. Back then we had troubles because of stalled connections, connection counter which was not updated immediately after dropping connections...

> - Or more drastic way: kernel level, 'iptables --match limit'

We use the connlimit patch [1] to limit concurrent connections to our mailservers - as far as I remember, the limit match is used to limit per timeframe, but not for connection count.

Regards,
Matthias

[1] http://www.netfilter.org/projects/patch-o-matic/pom-base.html#pom-base-connlimit
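The distinction drawn in the message above, as an added example that is not part of the original message: a simplified Python model of a per-source concurrent-connection cap (connlimit style) and a per-rule token bucket (limit-match style), run over the same two traffic patterns. The function names, thresholds and traffic are constructed for illustration and are not netfilter code.

```python
from collections import defaultdict

def connlimit_accepts(conns, cap):
    """Concurrent cap per source IP: accept a new connection only while
    that source has fewer than `cap` connections still open."""
    open_until = defaultdict(list)          # ip -> end times of open connections
    accepted = 0
    for start, duration, ip in sorted(conns):
        # Forget connections from this source that have already closed.
        open_until[ip] = [end for end in open_until[ip] if end > start]
        if len(open_until[ip]) < cap:
            open_until[ip].append(start + duration)
            accepted += 1
    return accepted

def limit_accepts(conns, per_second, burst):
    """Token bucket over new connections per timeframe. One bucket for the
    whole rule: neither the source IP nor the connection lifetime matters."""
    tokens, last, accepted = float(burst), 0.0, 0
    for start, _duration, _ip in sorted(conns):
        tokens = min(burst, tokens + (start - last) * per_second)  # refill
        last = start
        if tokens >= 1:
            tokens -= 1
            accepted += 1
    return accepted

# Constructed sample traffic: (start_seconds, duration_seconds, source_ip).
# STALLED: one source opens a connection every 2 s and holds each for 10 min.
STALLED = [(2.0 * i, 600.0, "192.0.2.10") for i in range(10)]
# BURSTY: one source opens 10 very short connections within one second.
BURSTY = [(0.1 * i, 0.05, "192.0.2.20") for i in range(10)]

def compare(cap=3, per_second=1.0, burst=3):
    """Accepted connections per traffic pattern under each limiter."""
    return {
        name: {
            "connlimit": connlimit_accepts(conns, cap),
            "limit": limit_accepts(conns, per_second, burst),
        }
        for name, conns in (("stalled", STALLED), ("bursty", BURSTY))
    }

if __name__ == "__main__":
    for name, result in compare().items():
        print(name, result)
```

Slow, long-held connections pass the rate limit untouched and are stopped only by the concurrent cap, while a burst of short connections never exceeds the cap and is throttled only by the rate limit.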