iptables with connlimit question - Networking


Thread: iptables with connlimit question

  1. iptables with connlimit question

    I use connlimit with kernel 2.4 to limit the number of incoming
    connections to sendmail.

    /usr/sbin/iptables -A INPUT -p tcp -i eth0 --dport 25 -m connlimit \
        ! --connlimit-above 3 -j ACCEPT
    - so this says no more than 3 connections from the same IP to port 25;
    works fine.

    /usr/sbin/iptables -A INPUT -p tcp -i eth0 --dport 25 -s 204.1.1.1 \
        -m connlimit ! --connlimit-above 25 -j ACCEPT
    - but then, from a different IP (204.1.1.1), I want to allow something
    like 25 in at once, but it doesn't work. It still maxes out at 3.

    Any idea? The order of the rules doesn't seem to matter.

  2. Re: iptables with connlimit question

    I figured it out: for one, I had the wrong IP, and the second iptables
    line should negate the same source address, which helps.


    Ken Williams wrote:
    > I use connlimit with kernel 2.4 to limit the number of incoming
    > connections to sendmail.
    >
    > /usr/sbin/iptables -A INPUT -p tcp -i eth0 --dport 25 -m connlimit \
    >     ! --connlimit-above 3 -j ACCEPT
    > - so this says no more than 3 connections from the same IP to port 25;
    > works fine.
    >
    > /usr/sbin/iptables -A INPUT -p tcp -i eth0 --dport 25 -s 204.1.1.1 \
    >     -m connlimit ! --connlimit-above 25 -j ACCEPT
    > - but then, from a different IP (204.1.1.1), I want to allow something
    > like 25 in at once, but it doesn't work. It still maxes out at 3.
    >
    > Any idea? The order of the rules doesn't seem to matter.


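The two-rule layout the reply describes, written out as an added example (it is not the poster's script): it assumes a connlimit-capable iptables at /usr/sbin/iptables on eth0, keeps 204.1.1.1 from the thread as the trusted relay, and adds a final REJECT that the thread does not show, so a host over its limit is refused explicitly instead of being left to the chain's default policy. Setting IPTABLES=echo prints the rules instead of loading them, which is what the dry-run mode and the self-check use.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: iptables with the
# connlimit match, interface eth0, trusted relay 204.1.1.1 (the address
# from the thread). IPTABLES=echo turns every call into a printed rule.
IPTABLES="${IPTABLES:-/usr/sbin/iptables}"
IFACE="${IFACE:-eth0}"
TRUSTED_IP="${TRUSTED_IP:-204.1.1.1}"
TRUSTED_LIMIT=25   # concurrent SMTP connections allowed from the relay
DEFAULT_LIMIT=3    # concurrent SMTP connections allowed from anyone else

# connlimit semantics: "! --connlimit-above N" matches while the source
# holds N or fewer connections to port 25. Once the source is above N the
# rule simply stops matching and the packet falls through to the next rule.
apply_smtp_limits() {
    # Per-host rule for the trusted relay.
    "$IPTABLES" -A INPUT -p tcp -i "$IFACE" --dport 25 -s "$TRUSTED_IP" \
        -m connlimit ! --connlimit-above "$TRUSTED_LIMIT" -j ACCEPT
    # General rule: the negated source keeps the two rules disjoint, which
    # is the fix the reply describes.
    "$IPTABLES" -A INPUT -p tcp -i "$IFACE" --dport 25 ! -s "$TRUSTED_IP" \
        -m connlimit ! --connlimit-above "$DEFAULT_LIMIT" -j ACCEPT
    # Assumption: refuse anything that exceeded its limit with a reset
    # rather than relying on the INPUT chain's default policy.
    "$IPTABLES" -A INPUT -p tcp -i "$IFACE" --dport 25 \
        -j REJECT --reject-with tcp-reset
}

# Self-check: print the rules and count how many mention the trusted
# address (expected 2: the per-host rule and the negated general rule).
count_trusted_rules() {
    ( IPTABLES=echo; apply_smtp_limits ) | grep -c -- "$TRUSTED_IP"
}

case "${1:-}" in
    --dry-run) ( IPTABLES=echo; apply_smtp_limits ) ;;
    --apply)   apply_smtp_limits ;;
esac
```

Run with `sh smtp-limits.sh --dry-run` to review the three rules, or `--apply` as root to load them. Because both connlimit rules end in ACCEPT and stop matching once their threshold is exceeded, their order never changes the outcome, which matches what the poster saw; what does matter is that the general rule excludes the relay's address, so the relay is only ever judged against the 25-connection limit, and that the source address is the one the relay actually connects from.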