Tag Archives: iptables

Blocking Torrents and Connection Limiting

Here are the sample lines for connection limiting, where br0 is the internal LAN interface:

# only allow 25 connections per host total, only 5
# of which can be above port 1024

/usr/sbin/iptables -I FORWARD -i br0 -p tcp --syn --dport 1: -m connlimit --connlimit-above 25 -j REJECT
/usr/sbin/iptables -I FORWARD -i br0 -p tcp --syn --dport 1024: -m connlimit --connlimit-above 5 -j REJECT
/usr/sbin/iptables -I FORWARD -i br0 -p udp --dport 1: -m connlimit --connlimit-above 25 -j REJECT
/usr/sbin/iptables -I FORWARD -i br0 -p udp --dport 1024: -m connlimit --connlimit-above 5 -j REJECT

OR

/usr/sbin/iptables -A FORWARD -s 192.168.1.2 -p tcp -m connlimit --connlimit-above 10 -j DROP
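To make the two thresholds concrete, here is an added Python model (not from the original post, and not iptables code) of how the four br0 rules above evaluate a host's new connections. It assumes connlimit's default /32 source mask and, as xt_connlimit does, has each rule count only the live connections that matched that rule; the host address is a constructed sample.

```python
from collections import defaultdict

class ConnLimitRule:
    """One '-p PROTO --dport MIN: -m connlimit --connlimit-above LIMIT -j REJECT' rule.
    As in xt_connlimit, each rule keeps its own per-source set of live connections
    that matched it (default /32 source mask)."""
    def __init__(self, proto, dport_min, limit):
        self.proto, self.dport_min, self.limit = proto, dport_min, limit
        self.live = defaultdict(set)          # src -> {conn_id, ...}

    def matches(self, proto, dport):
        return proto == self.proto and dport >= self.dport_min

class ForwardChain:
    def __init__(self):
        self.rules = []

    def insert(self, rule):
        self.rules.insert(0, rule)            # -I puts the new rule at the top

    def new_connection(self, src, proto, dport, conn_id):
        """Verdict for a new flow (TCP SYN or first UDP packet) from src."""
        hit = [r for r in self.rules if r.matches(proto, dport)]
        for r in hit:
            # --connlimit-above N matches once this flow would make the count exceed N
            if len(r.live[src]) + 1 > r.limit:
                return "REJECT"
        for r in hit:                         # not rejected: each matching rule now counts it
            r.live[src].add(conn_id)
        return "PASS"                         # falls through to the rest of FORWARD

    def close_connection(self, src, conn_id):
        """Conntrack entry gone: connlimit stops counting the flow."""
        for r in self.rules:
            r.live[src].discard(conn_id)

def build_policy():
    chain = ForwardChain()                    # same order as the four -I commands above
    chain.insert(ConnLimitRule("tcp", 1, 25))
    chain.insert(ConnLimitRule("tcp", 1024, 5))
    chain.insert(ConnLimitRule("udp", 1, 25))
    chain.insert(ConnLimitRule("udp", 1024, 5))
    return chain

def demo(host="192.168.1.10"):                # constructed sample LAN address
    chain = build_policy()
    v = [chain.new_connection(host, "tcp", 6881 + i, f"hi{i}") for i in range(6)]
    v += [chain.new_connection(host, "tcp", 80, f"web{i}") for i in range(20)]
    v.append(chain.new_connection(host, "tcp", 443, "extra"))
    return v                                  # 5 PASS, REJECT, 20 PASS, REJECT
```

The sixth high-port flow is rejected by the 1024: rule while low-port flows keep passing until the host's 25-connection total is reached; a second host has its own counters.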


Upgrading Iptables to 1.4 on Debian Etch

I required the connlimit module to limit the number of connections on one of our Debian firewall boxes. First download the iptables-1.4.2.tar.bz2 version from Netfilter. Unpack the tarball:

tar -xjvf iptables-1.4.2.tar.bz2

Change directory:

cd iptables-1.4.2

Configure iptables:

./configure --prefix=/

If you just use ./configure then everything will be installed to /usr/local. Make and install iptables:

make
