On Tue, 04 Apr 2006 21:52:23 +0200, dzikus wrote:
> Hi,
>
> I can control the number of outgoing connections per source IP by:
>
> iptables -A FORWARD -o $IF_EXTERNAL -p tcp --syn --dport 1024: -m
> connlimit --connlimit-above 100 -j DROP
I would suggest that you place this on the internal interface instead of
letting the packet pass through your box before being dropped.
> The question is, how can I limit the number of incoming connections?
> I don't think about limiting incoming connections per source IP (like
> connlimit does) but rather per destination IP.
>
> Is this possible, and how?
Sure, look at the LIMIT setting in iptables.
--
Regards
Robert
Smile... it increases your face value!
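
Added example, not part of either poster's message: the iptables `limit` match mentioned in the reply keeps one token bucket per rule, so applying it per destination IP takes one rule pair per destination. The script below only prints such rules for review; `IF_EXTERNAL` mirrors the variable in the quoted rule, and the addresses, rate and burst are constructed placeholders. The `limit` match caps the rate of new connections, not the number open at once.

```shell
#!/bin/sh
# Added example: emit (not apply) one rate-limit rule pair per destination IP.
# The default interface name, addresses, rate and burst are assumptions.
IF_EXTERNAL="${IF_EXTERNAL:-eth0}"

# gen_dst_limit_rules RATE BURST DEST...
# Prints iptables commands on stdout; review them, then run them as root.
gen_dst_limit_rules() {
    rate="$1"; burst="$2"; shift 2
    for dst in "$@"; do
        # Skip empty values and anything containing characters other than
        # digits and dots, so nothing unexpected ends up inside a rule.
        case "$dst" in
            *[!0-9.]*|"") echo "skip invalid destination: $dst" >&2; continue ;;
        esac
        # SYNs to this destination that fit the token bucket are accepted
        # (ACCEPT ends FORWARD traversal for that packet)...
        echo "iptables -A FORWARD -i $IF_EXTERNAL -d $dst -p tcp --syn -m limit --limit $rate --limit-burst $burst -j ACCEPT"
        # ...and SYNs arriving once the bucket is empty are dropped.
        echo "iptables -A FORWARD -i $IF_EXTERNAL -d $dst -p tcp --syn -j DROP"
    done
}

# Constructed sample: two internal hosts, 20 new connections/s, burst of 40.
gen_dst_limit_rules 20/second 40 192.0.2.10 192.0.2.11
```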