
I know how to use the limit conntrack option to allow for DoS protection. However, I want to add a protection to limit no more than, say, 50 connections for each port. How can I do this?

Basically, I want to make sure that each port can have no more than 50 connections, rather than globally applying 50 connections (which is what #2 does, I believe?)

Would I do something like:

iptables -A INPUT -p tcp --dport 1:65535 -m limit --limit 50/minute --limit-burst 50 -j ACCEPT

or

iptables -A INPUT -m limit --limit 50/minute --limit-burst 50 -j ACCEPT
  • But you do know that this will limit both rogue and valid connections without distinguishing between them? – pQd Apr 11 '12 at 05:06

1 Answer

You will be looking at the --hitcount switch.

--hitcount [hits]

match requiring a certain number of hits within a specific time frame. The maximum value for the hitcount parameter is given by the "ip_pkt_list_tot"

You will also be interested in the --seconds switch.

I believe a sample rule using port 80 and restricting connections to 50 per hour would be something like this:

iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --set   # records each new connection's source address; --update only matches addresses already in this list
iptables -I INPUT -p tcp --dport 80 -m state --state NEW -m recent --update --seconds 3600 --hitcount 50 -j DROP   # inserted last with -I, so it is evaluated before the --set rule
Wesley
  • @user973917 Oops, sorry. I'm pretty sure that would limit the entire range, not each port within the range. =/ – Wesley Apr 11 '12 at 05:22
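To make the --seconds/--hitcount semantics concrete, here is an added Python model (not code from the answer or from the iptables project) of how xt_recent arrives at a verdict when the answer's --update/--hitcount DROP rule is paired with the -m recent --set rule that feeds it. It assumes the module parameter ip_pkt_list_tot has been raised to 50 so that --hitcount 50 is accepted, and the traffic it runs over is constructed.

```python
from collections import defaultdict, deque

# Constructed model of the xt_recent bookkeeping behind the two rules
#   -m recent --update --seconds S --hitcount N -j DROP   (checked first)
#   -m recent --set                                       (checked second)
# The kernel keeps one ring buffer of packet timestamps per source
# address, ip_pkt_list_tot entries long (module default 20).

class RecentLimiter:
    def __init__(self, seconds, hitcount, ip_pkt_list_tot=20):
        # per the man page excerpt: --hitcount may not exceed ip_pkt_list_tot
        if hitcount > ip_pkt_list_tot:
            raise ValueError("hitcount larger than ip_pkt_list_tot")
        self.seconds = seconds
        self.hitcount = hitcount
        self.stamps = defaultdict(lambda: deque(maxlen=ip_pkt_list_tot))

    def hits_in_window(self, src, now):
        """Timestamps for src that fall within the last --seconds."""
        return sum(1 for t in self.stamps[src] if now - t <= self.seconds)

    def new_connection(self, src, now):
        """Verdict for one NEW packet from src at time now (seconds)."""
        stamps = self.stamps[src]
        # --update matches only addresses already in the table, and
        # refreshes the entry only when --hitcount is reached
        if stamps and self.hits_in_window(src, now) >= self.hitcount:
            stamps.append(now)
            return "DROP"
        # --set creates the entry or records one more timestamp
        stamps.append(now)
        return "ACCEPT"


def simulate(events, seconds=3600, hitcount=50, ip_pkt_list_tot=50):
    """Run (src, time) events through the rule pair; return the verdicts."""
    table = RecentLimiter(seconds, hitcount, ip_pkt_list_tot)
    return [table.new_connection(src, t) for src, t in events]


if __name__ == "__main__":
    # constructed traffic: 51 new connections from one client within an
    # hour, one from a second client, and a return after the window lapses
    events = [("10.0.0.1", t) for t in range(51)]
    events += [("10.0.0.2", 50), ("10.0.0.1", 3651)]
    verdicts = simulate(events)
    print(verdicts.count("DROP"), "dropped of", len(verdicts))  # 1 dropped of 53
```

Note that the table is keyed by source address, so the count it enforces is per client, and the DROP match itself keeps refreshing a blocked client's entry.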