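{{tag>firewall network}}

====== Control traffic by port number ======

Something like this should do the job, using the connlimit module of iptables. Every rule below is added with ''-I'', which inserts at the top of the chain, so the rules entered last (the DROP rules) are evaluated first.

<code bash>
# Accept traffic to the web server on port 80
iptables -t filter -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -I INPUT -p tcp --dport 80 -m state \
  --state RELATED,ESTABLISHED -j ACCEPT
</code>

Adjust "--connlimit-above NN" to the maximum number of connections per IP that you need.

<code bash>
# Drop new connections from a single source address (/32) that already has more than 10 open
iptables -t filter -I INPUT -p tcp --syn --dport 80 -m connlimit \
  --connlimit-above 10 --connlimit-mask 32 -j DROP
</code>

Adjust "--connlimit-above NNN" to the maximum total connections you want your web server to support. The mask defaults to 32 (per source address), so "--connlimit-mask 0" is needed to count connections from all sources together.

<code bash>
# Drop new connections once more than 150 are open in total (mask 0 = all sources counted as one group)
iptables -t filter -I INPUT -p tcp --syn --dport 80 -m connlimit \
  --connlimit-above 150 --connlimit-mask 0 -j DROP
</code>

====== See also ======

====== References ======

https://old.reddit.com/r/linuxadmin/comments/c28sdl/heres_another_one_how_do_you_control_traffic_by/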
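
====== Example: what the connlimit mask counts ======

The following is an added example, not part of the original page or of iptables itself: a simplified Python model of how connlimit groups source addresses by "--connlimit-mask", showing that a total limit of 150 only acts as a global cap when the mask is 0. The function names, the sample addresses and the assumption that every accepted connection stays open are constructed for illustration.

```python
import ipaddress


def group_key(src, mask):
    """Key connlimit counts under: the source address masked to `mask` bits."""
    return ipaddress.ip_network(f"{src}/{mask}", strict=False).network_address


def simulate(syns, rules):
    """Run SYNs through (limit, mask) DROP rules in chain order.

    Simplified model (assumption): accepted connections never close and
    dropped ones are not counted. Returns the accepted source addresses.
    """
    open_conns = []
    for src in syns:
        dropped = False
        for limit, mask in rules:
            key = group_key(src, mask)
            # The new connection is counted together with the open ones in its group.
            count = 1 + sum(1 for c in open_conns if group_key(c, mask) == key)
            if count > limit:  # --connlimit-above matches when the count exceeds the limit
                dropped = True
                break
        if not dropped:
            open_conns.append(src)
    return open_conns


# Constructed traffic: 20 clients in 198.51.100.0/24, 10 connections each (200 SYNs).
SYNS = [f"198.51.100.{host}" for host in range(1, 21) for _ in range(10)]


def accepted(per_ip, total, total_mask):
    """Connections accepted with the total rule first, then the per-IP rule."""
    return len(simulate(SYNS, [(total, total_mask), (per_ip, 32)]))


if __name__ == "__main__":
    # With the default mask (32) the "total" rule is just another per-IP limit.
    print("total rule, mask 32:", accepted(10, 150, 32))
    # With mask 0 every source falls into one group, so 150 is a real global cap.
    print("total rule, mask 0: ", accepted(10, 150, 0))
```
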