Root.cz Forum
Main topics => Networking => Topic started by: piter_sk 25. 02. 2013, 16:55:06
-
Hello,
I tried searching this forum but didn't find anything, so I'm asking...
Does anyone know a way to limit the number of active connections per source IP address in iptables? I know connlimit exists, but it only limits connections by destination IP (or subnet). In OpenBSD it would be max-src-conn 100.
Thanks
-
I don't know what problem you have with connlimit
connlimit
Allows you to restrict the number of parallel connections to a server per client IP address (or client address block).
--connlimit-upto n
Match if the number of existing connections is below or equal n.
--connlimit-above n
Match if the number of existing connections is above n.
--connlimit-mask prefix_length
Group hosts using the prefix length. For IPv4, this must be a number between (including) 0 and 32. For IPv6, between 0 and 128. If not specified, the maximum prefix length for the applicable protocol is used.
--connlimit-saddr
Apply the limit onto the source group. This is the default if --connlimit-daddr is not specified.
--connlimit-daddr
Apply the limit onto the destination group.
-
Of course you're right, I've noticed it now. I tested it badly, a little mistake crept in...
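
The per-source limit asked about in this thread (the counterpart of OpenBSD's max-src-conn 100), built from the connlimit options quoted above. This is an added example, not part of the original posts; the function name connlimit_rule, port 80 and the REJECT action are assumptions.

```shell
#!/bin/sh
# Added example: builds (does not apply) an iptables/ip6tables rule that
# rejects new TCP connections once one source group has more than LIMIT open.
# Function name, port 80 and the REJECT target are assumptions.

# connlimit_rule FAMILY PORT LIMIT [MASK]
#   FAMILY is 4 or 6; MASK defaults to the full prefix length (one group per host).
connlimit_rule() {
    family=$1 port=$2 limit=$3 mask=${4:-}
    case $family in
        4) cmd=iptables;  max=32 ;;
        6) cmd=ip6tables; max=128 ;;
        *) echo "family must be 4 or 6" >&2; return 1 ;;
    esac
    [ -n "$mask" ] || mask=$max
    # Reject anything that is not a plain non-negative integer.
    for v in "$port" "$limit" "$mask"; do
        case $v in ''|*[!0-9]*) echo "not a number: $v" >&2; return 1 ;; esac
    done
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 1; }
    [ "$mask" -le "$max" ] || { echo "mask must be 0..$max" >&2; return 1; }
    # --syn: only new connection attempts are tested, established flows pass.
    # --connlimit-saddr: count per source group (the default, stated explicitly).
    printf '%s -A INPUT -p tcp --syn --dport %s -m connlimit --connlimit-above %s --connlimit-mask %s --connlimit-saddr -j REJECT --reject-with tcp-reset\n' \
        "$cmd" "$port" "$limit" "$mask"
}

# Dry run: print the rules; review them, then run them as root.
connlimit_rule 4 80 100        # limit per single IPv4 address
connlimit_rule 6 80 100 64     # limit per IPv6 /64
```

Behind NAT many clients share one source address, so a limit that suits a single host can be too low for an office or carrier gateway.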