
I have an open port, 40002. I want to limit it so that the port can only be connected to by one IP address (not a specific address) at the same time. If there is an IP address connecting to that port already, other IPs will fail to connect.

Is it possible to configure this with iptables or scripts? My system is Ubuntu 14.04. Thanks.

  • Only allow one IP (not a specific one) through a specific port at the same time? – kenyang001 Sep 24 '15 at 09:40
  • This may not be a good idea. If you are under a DDoS attack (multiple machines trying to half-open a connection on this specific port), you won't be able to initiate a legitimate connection. – Manu H Sep 28 '15 at 07:44

1 Answer

3

You can do it by configuring iptables.

# Reject new TCP connections to $port once the source IP already has N open connections
/sbin/iptables -A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above N -j REJECT --reject-with tcp-reset
# Save the changes (see the iptables-save man page); the following command is Red Hat (and friends) specific
service iptables save

Example : Limit SSH Connections Per IP / Host

# Reject a 4th concurrent SSH connection from the same source IP
/sbin/iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT
# Save the changes (see the iptables-save man page); the following command is Red Hat (and friends) specific
service iptables save

TESTING:

#!/bin/bash
ip="202.1.2.3"
port="80"
for i in {1..100}
do
    # do nothing, just connect and exit
    echo "exit" | nc ${ip} ${port}
done

OK: To limit n connections max, here is an example using the ip limit module:

# iplimit is the old (patch-o-matic) name of the connlimit match; on current kernels use -m connlimit --connlimit-above 3
iptables -A INPUT -p tcp --syn --dport 40002 -m iplimit --iplimit-above 3 -j REJECT

This will REJECT connections if there are 3 IPs connected. Sorry if I misunderstood your question ;)

  • Hi LScarpinati, thanks for your information. However, I think you may have misunderstood my question. The command you provided can indeed limit 3 sessions for the same IP, but conversely I want to limit it so that only 3 IPs can connect; the fourth IP will fail to connect if there are 3 IPs connecting. In a word, I want to limit the number of IPs, not sessions. Sorry for my poor English. – kenyang001 Sep 25 '15 at 03:43
  • Hi, I've edited my answer. I let the other example for info. ; ) – LScarpinati Sep 28 '15 at 08:10
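The distinction the asker raises (number of distinct client IPs versus sessions per IP) is not something connlimit expresses: it counts connections per source address (or, with --connlimit-mask 0, in total). As an added example, not part of the answer above, the script below counts the distinct peer IPs holding ESTABLISHED connections to a port from `ss` output and decides whether a new client IP may be admitted; the port 40002 is from the question, and the `ss` sample lines are constructed.

```shell
#!/bin/sh
# Added example: count DISTINCT peer IPs connected to a local port and decide
# whether a new client IP fits under MAX_IPS. Input is the output of
#   ss -tn state established '( sport = :40002 )'
# Assumption: with a state filter, ss prints no State column, so field 3 is the
# local address:port and field 4 is the peer address:port (header line is skipped
# because its field 3 does not end in ":<port>").

PORT=40002
MAX_IPS=1

# Constructed sample: two sessions from 192.0.2.10 and one from 198.51.100.7.
SAMPLE='Recv-Q Send-Q Local Address:Port               Peer Address:Port
0      0      10.0.0.5:40002     192.0.2.10:51234
0      0      10.0.0.5:40002     192.0.2.10:51240
0      0      10.0.0.5:40002     198.51.100.7:40001'

# distinct_peers PORT: read ss lines on stdin, print the number of distinct
# peer addresses connected to PORT (several sessions from one IP count once).
distinct_peers() {
    awk -v port="$1" '
        $3 ~ (":" port "$") {            # local side is our port
            peer = $4
            sub(/:[0-9]+$/, "", peer)    # strip the peer port, keep the IP
            seen[peer] = 1
        }
        END { n = 0; for (k in seen) n++; print n }'
}

# admit_peer PORT MAX NEW_IP: return 0 if NEW_IP may connect, 1 otherwise.
# An IP that already holds a session is always admitted: it is not a new IP.
admit_peer() {
    port=$1; max=$2; ip=$3
    input=$(cat)
    if printf '%s\n' "$input" | awk -v port="$port" -v ip="$ip" '
        $3 ~ (":" port "$") { p = $4; sub(/:[0-9]+$/, "", p); if (p == ip) found = 1 }
        END { if (found) exit 0; exit 1 }'; then
        return 0
    fi
    n=$(printf '%s\n' "$input" | distinct_peers "$port")
    [ "$n" -lt "$max" ]
}

# Stand-alone demo on the constructed sample (prints 2, then the verdict).
printf '%s\n' "$SAMPLE" | distinct_peers "$PORT"
printf '%s\n' "$SAMPLE" | admit_peer "$PORT" "$MAX_IPS" 203.0.113.9 \
    && echo "203.0.113.9 admitted" || echo "203.0.113.9 refused: IP limit reached"
```

To enforce the limit, a wrapper (for example a cron poll or an accept-time hook) would replace the sample with live `ss` output and add or remove a per-source rule for the refused IP accordingly.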