Control traffic by port number
Something like this should do the job, using the connlimit match module of iptables. The rules are inserted with -I, so the last one added ends up first in the INPUT chain and the connlimit DROP rules are evaluated before the ACCEPT rules.
iptables -t filter -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -I INPUT -p tcp --dport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
Adjust “--connlimit-above NN” to the maximum number of concurrent connections per source IP that you want to allow (--connlimit-mask 32 counts each IPv4 address on its own).
iptables -t filter -I INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 10 --connlimit-mask 32 -j DROP
Adjust “--connlimit-above NNN” to the maximum total number of connections you want your web server to support. --connlimit-mask 0 puts every source address into a single group so the count is the total; without it connlimit counts per source address, just like the rule above.
iptables -t filter -I INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 150 --connlimit-mask 0 -j DROP
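To see what the two thresholds and --connlimit-mask actually compare, here is an added Python example (not from the original page) that buckets a constructed list of tracked connections the way connlimit does and decides whether a new SYN would hit the DROP rule. The connection list is made up; on a real host it would come from parsing `ss -tn` or the conntrack table.

```python
import ipaddress
from collections import Counter

# Constructed sample: (source address, destination port) of currently
# tracked connections, e.g. as parsed from `ss -tn` on the web server.
CONNECTIONS = (
    [("203.0.113.10", 80)] * 12   # one client well above the per-IP limit
    + [("203.0.113.11", 80)] * 4
    + [("203.0.113.12", 80)] * 4
    + [("198.51.100.7", 80)] * 3
    + [("198.51.100.7", 443)] * 5  # another port, must not be counted
)


def group_key(src: str, mask: int) -> str:
    """Collapse a source address to its /mask network, as --connlimit-mask does.
    mask=32 is one bucket per host, mask=0 is one bucket for every source."""
    return str(ipaddress.ip_network(f"{src}/{mask}", strict=False))


def count_by_group(conns, port, mask=32):
    """Connections to `port`, bucketed the way connlimit groups them."""
    return Counter(group_key(src, dport and mask) for src, dport in conns if dport == port)


def over_limit(conns, port, above, mask=32):
    """Buckets that already exceed --connlimit-above (strictly greater than)."""
    return {g: n for g, n in count_by_group(conns, port, mask).items() if n > above}


def would_drop(conns, port, new_src, above, mask=32):
    """Would `--syn -m connlimit --connlimit-above above --connlimit-mask mask -j DROP`
    match a new SYN from new_src? connlimit counts the new connection as well, so
    `above` is the number of concurrent connections a bucket is allowed to keep."""
    existing = count_by_group(conns, port, mask)[group_key(new_src, mask)]
    return existing + 1 > above


if __name__ == "__main__":
    print("per host over 10:  ", over_limit(CONNECTIONS, 80, 10))
    print("per /24 over 10:   ", over_limit(CONNECTIONS, 80, 10, mask=24))
    print("all sources over 20:", over_limit(CONNECTIONS, 80, 20, mask=0))
```

Note that with the default mask the 150 rule never fires on this sample, since no single host comes close; only with mask 0 does it behave as a total limit.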
wiki/control_traffic_by_port_number.txt · Last modified: 2021/01/11 14:08 by antisa