Iptables and Connection Limits

Create connection limits for any users using a very basic script in the firewall area as shown below

 

iptables -I FORWARD -p tcp --syn -m iprange --src-range 10.212.1.100-10.212.3.200 -m connlimit --connlimit-above 60 -j DROP
iptables -I FORWARD -p tcp --syn -m iprange --src-range 10.212.3.1-10.212.3.254 -m connlimit --connlimit-above 60 -j DROP
iptables -I FORWARD -m iprange --src-range 10.212.1.100-10.212.3.200 -p ! tcp -m connlimit --connlimit-above 60 -j DROP
iptables -I FORWARD -m iprange --src-range 10.212.3.1-10.212.3.254 -p ! tcp -m connlimit --connlimit-above 60 -j DROP

 

This limits all users in those ip ranges to no more than 60 sessions and I find it very effective

Bad Behavior has blocked 149 access attempts in the last 7 days.