Limit number of connections per IP

Limit the number of concurrent incoming TCP connections from a single source IP to 1. The `connlimit` match counts the connections conntrack currently holds for the source; a new connection attempt (a packet with `--syn`) from a source that is already above the limit is dropped, while packets of connections that are already established pass through untouched.

All three commands in each variant use `-I`, which inserts at the top of the INPUT chain, so they must be run in the order shown: the command typed last ends up evaluated first. The resulting chain order is: drop excess SYNs, accept RELATED/ESTABLISHED, accept the remaining TCP. `--connlimit-mask 32` groups connections per single IPv4 address; a smaller mask (for example 24) counts a whole /24 as one source. For IPv6 use `ip6tables` with a mask of up to 128.

A limit of 1 is very strict: browsers open several parallel connections to one host, and every client behind a shared NAT address counts as the same source, so for anything public-facing raise the `--connlimit-above` value to what a single legitimate client actually needs. Closed connections also stay in the conntrack table until their timeout expires (TIME_WAIT is 120 seconds by default), so a client that reconnects immediately after closing can still be counted against the limit. `-m state` still works where the module is present, but `-m conntrack --ctstate` is the current replacement.

For all TCP ports and all addresses of the server:

iptables -t filter -I INPUT -p tcp -j ACCEPT
iptables -t filter -I INPUT -p tcp -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -I INPUT -p tcp --syn -m connlimit --connlimit-above 1 --connlimit-mask 32 -j DROP

For TCP port 80 only:

iptables -t filter -I INPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -I INPUT -p tcp --dport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -I INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 1 --connlimit-mask 32 -j DROP

For port 80 on the address 91.134.189.246 only (when the server has several addresses):

iptables -t filter -I INPUT -p tcp -d 91.134.189.246 --dport 80 -j ACCEPT
iptables -t filter -I INPUT -p tcp -d 91.134.189.246 --dport 80 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t filter -I INPUT -p tcp --syn -d 91.134.189.246 --dport 80 -m connlimit --connlimit-above 1 --connlimit-mask 32 -j DROP
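The three variants above differ only in the match on destination address and port, and each depends on `-I` reversing the typing order. As an added example (not part of the original post), the script below generates the same rule set for any combination of limit, mask, port and destination address, but builds it with `-A` in a dedicated chain so the evaluation order is explicit, and uses `-m conntrack` instead of the deprecated `-m state`. The chain name `PERIP`, the function name `gen_connlimit_rules` and the `IPT` variable are this example's own choices; the script only prints the commands, so it can be reviewed before being piped into `sh` as root.

```shell
#!/bin/sh
# Added example, not code from the original post. Emits iptables commands that
# limit concurrent TCP connections per source, equivalent to the -I sequences
# above but built in a dedicated chain with -A so the order is explicit.
#
# Usage: gen_connlimit_rules <limit> <mask> [dport] [dest_ip]
#   limit   : tracked connections a source may have before new SYNs are dropped
#   mask    : source prefix length to aggregate by (32 = per IPv4 host)
#   dport   : optional destination port (empty = all ports)
#   dest_ip : optional destination address (empty = all local addresses)
# Set IPT=ip6tables (and a mask up to 128) for IPv6. The chain name PERIP
# and the IPT variable are assumptions of this example.
gen_connlimit_rules() {
    limit=$1
    mask=$2
    dport=$3
    dest_ip=$4
    chain=PERIP
    ipt=${IPT:-iptables}

    # Destination selector for the jump rule: only the chosen traffic is
    # sent through the per-IP chain.
    match=""
    [ -n "$dest_ip" ] && match="$match -d $dest_ip"
    [ -n "$dport" ] && match="$match --dport $dport"

    # Create the chain, or flush it if it already exists, so re-running the
    # generated commands does not pile up duplicate rules.
    echo "$ipt -t filter -N $chain 2>/dev/null || $ipt -t filter -F $chain"
    # 1. A SYN from a source that already has more than $limit tracked
    #    connections (aggregated by $mask) is dropped. Only --syn packets are
    #    checked, so existing connections are never cut.
    echo "$ipt -t filter -A $chain -p tcp --syn -m conntrack --ctstate NEW -m connlimit --connlimit-above $limit --connlimit-mask $mask -j DROP"
    # 2. Packets belonging to connections already in conntrack pass
    #    (conntrack/ctstate replaces the deprecated state match).
    echo "$ipt -t filter -A $chain -p tcp -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
    # 3. Everything else that reached this chain (SYNs under the limit) passes.
    echo "$ipt -t filter -A $chain -p tcp -j ACCEPT"
    # Hook the chain into INPUT for the selected traffic. A single jump rule
    # keeps the three checks together, whatever else is in INPUT.
    echo "$ipt -t filter -A INPUT -p tcp$match -j $chain"
}

# Reproduce the third variant from the post (port 80 on one address) and
# show the generated commands without applying them.
gen_connlimit_rules 1 32 80 91.134.189.246
```

Review the output, then apply it with `gen_connlimit_rules 1 32 80 91.134.189.246 | sudo sh` and verify with `iptables -t filter -L PERIP -n -v --line-numbers`; the packet counter on the DROP rule shows how many excess SYNs have been refused. Because the jump is appended to INPUT with `-A`, it lands after any existing rules there; if an earlier ACCEPT already matches the traffic, move the jump up with `-I INPUT 1` instead.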
