----- Original Message -----
From: "rabbtux rabbtux" <rabbtux gmail.com>
To: <netfilter lists.netfilter.org>
Sent: Friday, April 21, 2006 9:01 PM
Subject: one rule to create per IP connlimits?
> All,
> Is there any way I could create a rule that would create a tcp
> connection limit (say 20) for traffic from say 10.10.2.96/27 that
> would apply to each of the 32 IPs. That is each address,
> 10.10.2.96-127 would be limited to 20 connections?? Or do I need to
> make up one iptables rule per address?
> It sure would be nice if I could do this with one rule per address
> block, as I have several hundred addresses to limit!
> Thanks in advance - marshall
maybe this way:

iptables -I FORWARD -p tcp --syn -s 10.10.2.96/27 -m connlimit --connlimit-above 20 -j REJECT

or

iptables -I FORWARD -p tcp --syn -m iprange --src-range 10.10.2.96-10.10.2.127 -m connlimit --connlimit-above 20 -j REJECT

robee
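As an added illustration (not part of the thread), the Python below simulates how one connlimit rule of the kind above counts connections: with the default per-address granularity every host inside the /27 gets its own limit of 20, while a coarser mask (connlimit's --connlimit-mask option, not mentioned in the thread) would count the whole block against a single limit. The sample connections are constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample of new TCP connections (SYNs) crossing FORWARD as
# (src, dst); a source appears once per connection it tries to open.
SAMPLE_CONNECTIONS = (
    [("10.10.2.100", "192.0.2.10")] * 25    # one host well over the limit
    + [("10.10.2.101", "192.0.2.10")] * 5   # neighbour in the same /27, under it
    + [("10.10.2.200", "192.0.2.10")] * 30  # outside the /27: rule never matches
)


def connlimit_verdicts(connections, src_net="10.10.2.96/27", above=20, mask=32):
    """Simulate `-s SRC_NET -m connlimit --connlimit-above ABOVE -j REJECT`.

    Returns {src: (rule_matched, rejected_count)}.  mask=32 mimics the
    default: each source IP is counted on its own.  A smaller mask groups
    a whole block under one counter (what --connlimit-mask would do).
    """
    net = ipaddress.ip_network(src_net)
    open_conns = Counter()   # accepted (still open) connections per counter key
    verdicts = {}
    for src, _dst in connections:
        _matched, rejected = verdicts.get(src, (False, 0))
        if ipaddress.ip_address(src) not in net:
            verdicts[src] = (False, 0)     # -s does not match: rule skipped
            continue
        key = ipaddress.ip_network(f"{src}/{mask}", strict=False)
        if open_conns[key] + 1 > above:
            rejected += 1                  # this connection would exceed the limit
        else:
            open_conns[key] += 1           # accepted, so it stays in the count
        verdicts[src] = (True, rejected)
    return verdicts


if __name__ == "__main__":
    for label, m in (("per-IP (default)", 32), ("per /27 block", 27)):
        print(label, connlimit_verdicts(SAMPLE_CONNECTIONS, mask=m))
```

With the default mask the host at .101 is never rejected because only its own 5 connections count; with a /27 mask it shares the 20 slots with .100 and loses all five.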