On Sunday, 24 March 2002 23:00, Corin Langosch wrote:
On Sunday, 24 March 2002 23:00, you wrote:
> Just thought iptables could help me out here.
> Is it possible (and how) to only allow say 5 new connections per second for
> an ip address ? Would this be enough for a normal apache user or would he
> get connection errors ? Are there any other ways of protecting my server
> from being overloaded (currently I set the maxclients count to 75 which is
> almost reached some times..)
What you are looking for is this:
iptables -A CHAIN -d $mywwwip -p tcp --dport 80 -m iplimit --iplimit-above 10 -j DROP
This drops all connections over 10 from ONE IP.
Another way to do this is:
iptables -A CHAIN -p tcp --syn --dport 80 -m limit --limit 10/s -j ACCEPT
This will accept 10 NEW TCP connections in 1 second from ANY IP.
So the first way is better for your needs.
Hope it helped.
Greets M. Weinert.
--
Key fingerprint = 8B 9F 11 D9 17 5F 9F 33 38 87 4F CA 4B 84 9D 20
SysQuadrat
Michael Weinert Stuttgart Filderstadt-Plattenhardt
Tel.: 0711-9970288 Fax: 5360559 Mobil: 0170-4141273
http://www.linux-firewall.de
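An added illustration of why the reply prefers the per-source rule (example code, not part of the original thread): a small Python model of both matches, run over a constructed SYN trace. It assumes iplimit counts the new connection the way connlimit does, that `-m limit` uses its default burst of 5, and that a DROP rule follows the limit ACCEPT rule.

```python
from collections import defaultdict

# Constructed SYN trace: (arrival_ms, source_ip, connection_lifetime_ms).
# One noisy client floods 30 long-lived connections in 0.3 s while two normal
# visitors each open three short connections during the same half second.
SYNS = sorted(
    [(10 * i, "198.51.100.7", 30_000) for i in range(30)]
    + [(50 + 200 * i, "203.0.113.10", 500) for i in range(3)]
    + [(100 + 200 * i, "203.0.113.11", 500) for i in range(3)]
)

def per_ip_connlimit(syns, above=10):
    """Model of '-m iplimit --iplimit-above N -j DROP' (today: -m connlimit).
    A SYN is dropped once the source would hold more than N open connections,
    i.e. when it already has N (assumption: the new one is counted, as the
    kernel's connlimit does)."""
    open_until = defaultdict(list)   # src -> close times of its open connections
    dropped = defaultdict(int)
    for t, src, life in syns:
        open_until[src] = [c for c in open_until[src] if c > t]  # expire closed ones
        if len(open_until[src]) >= above:
            dropped[src] += 1
        else:
            open_until[src].append(t + life)
    return dict(dropped)

def global_syn_limit(syns, rate_per_s=10, burst=5):
    """Model of '-p tcp --syn -m limit --limit 10/s -j ACCEPT' with a DROP rule
    after it (assumption). Token bucket of 'burst' tokens (iptables default 5),
    refilled at rate_per_s and shared by every source. Tokens are kept in
    1/1000 units so the arithmetic stays integer."""
    tokens, last = burst * 1000, 0
    dropped = defaultdict(int)
    for t, src, _ in syns:
        tokens = min(burst * 1000, tokens + (t - last) * rate_per_s)
        last = t
        if tokens >= 1000:
            tokens -= 1000
        else:
            dropped[src] += 1
    return dict(dropped)

if __name__ == "__main__":
    print("per-IP limit drops:", per_ip_connlimit(SYNS))   # only the flooder loses SYNs
    print("global limit drops:", global_syn_limit(SYNS))   # normal visitors lose some too
```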