How to limit 1 connect per 5 seconds? (IPTABLES) [duplicate]
This question already has an answer here:
How to limit 1 connection per 5 seconds? (IPTABLES)
1 answer
I want to limit 1 connect per 5 seconds using IPTABLES for people who are connecting to port "12871/12881". I was trying to find a rule for it, but ineffectively.
firewall
marked as duplicate by Romeo Ninov, Fabby, G-Man, maxschlepzig, Jeff Schaller 2 days ago
This question has been asked before and already has an answer. If those answers do not fully address your question, please ask a new question.
I would not do that, as it would cause a connection failure to last much longer than it should. It might even last a full 5 seconds, from time to time if connection rates are higher.
– Michael Prokopec
Nov 23 at 16:35
I lead a server in a game which has a broken Easy Anti-Cheat, and if there are many connects at one time it breaks the whole server and no one can connect. So the solution for it is to limit connections at one time to 1 per 5 seconds.
– onStyle
Nov 23 at 16:36
asked Nov 23 at 16:13
onStyle
1 Answer
This should help:
iptables -A INPUT -p tcp --syn --dport 12871:12881 -m connlimit --connlimit-above 15 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
This will reject connections above 15 from one source IP.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 150/second --limit-burst 160 -j ACCEPT
In this, 160 new connections (packets, really) are allowed before the limit of 150 NEW connections (packets) per second is applied.
iptables -A INPUT -p tcp --syn --dport 12871:12881 -m connlimit --connlimit-above 3 -j REJECT
This limits to 3 connections per IP.
Got the info from: Limit max connections per IP address and new connections per second with iptables
Example: Limit Connections Per Second
The following example will drop incoming connections if an IP makes more than 3 connection attempts to port 12871:12881 within 5 seconds.
iptables -A INPUT -p tcp --dport 12871:12881 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 12871:12881 -i eth0 -m state --state NEW -m recent --update --seconds 5 --hitcount 3 -j DROP
Just change eth0 to your interface id...
The hitcount and seconds can be tailored to your needs.
It won't be enough. I need to do something like a "queue" of connects - for example 1 connect per 5 seconds.
– onStyle
Nov 23 at 17:08
Made adjustments to my answer. @onStyle
– Michael Prokopec
Nov 23 at 17:31
edited Nov 23 at 17:28
answered Nov 23 at 16:50
Michael Prokopec
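The limit the asker describes in the comments (one new connection per 5 seconds across all clients, not per IP) corresponds to the `limit` match's token bucket at 12/minute with a burst of 1. The following is an added example, not part of the answer above; the chain name `GAME_SYN` and the `IPT` dry-run variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the answer). GAME_SYN and IPT are hypothetical names.
# IPT can be pointed at another command to print the rules instead of applying them.
IPT="${IPT:-iptables}"

# Install a global "1 new connection per 5 seconds" gate for the game ports.
game_syn_limit() {
    ports="${1:-12871:12881}"
    # Dedicated chain so the limiter can be inspected and removed as a unit.
    $IPT -N GAME_SYN || return 1
    # One token bucket shared by every source address:
    # 12/minute refills one token each 5 s; burst 1 means no saved-up credit.
    $IPT -A GAME_SYN -m limit --limit 12/minute --limit-burst 1 -j ACCEPT
    # No token available: DROP silently (no RST), so the client's TCP stack
    # retransmits the SYN later. That retry is what gives the queue-like effect.
    $IPT -A GAME_SYN -j DROP
    # Only connection-opening SYNs for the game ports enter the chain;
    # packets of already established sessions are never rate limited.
    $IPT -I INPUT 1 -p tcp --syn --dport "$ports" \
        -m conntrack --ctstate NEW -j GAME_SYN
}

# Roll the change back: unhook the chain, then flush and delete it.
game_syn_unlimit() {
    ports="${1:-12871:12881}"
    $IPT -D INPUT -p tcp --syn --dport "$ports" \
        -m conntrack --ctstate NEW -j GAME_SYN
    $IPT -F GAME_SYN
    $IPT -X GAME_SYN
}
```

Run `game_syn_limit` as root, then watch the per-rule counters with `iptables -nvL GAME_SYN` to see how many SYNs were deferred. Because the bucket is shared by all sources, a single noisy address can consume every slot, so per-source rules such as the answer's `recent` pair need to be evaluated before this chain.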