You can use the iptables firewall tool to limit the number of connections that a single IP address can hold open to your server. This is useful for blunting connection-flooding denial-of-service attacks and other abuse that comes from one source address.
Here’s an example of how to use iptables to limit the number of connections per IP:
- Open a terminal window on your Linux server.
- Use the following command to create a new iptables rule that limits the number of connections from a single IP address to 10:
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 10 -j REJECT --reject-with tcp-reset
This command appends a rule to the INPUT chain of the iptables firewall that matches incoming TCP traffic with the SYN flag set (i.e., new connection requests) on port 80. The connlimit match counts the connections the source address already has open; once that count exceeds 10, any further connection request from that address is rejected with a TCP reset packet.
You can modify the --connlimit-above parameter to set the maximum number of connections per IP address to a different value.
- Save the new iptables rule to the firewall configuration:
service iptables save
This saves the new rule to the iptables firewall configuration so that it persists across reboots. This command comes from the iptables-services package on RHEL-based distributions; on other distributions, write the running rules out with iptables-save (or the distribution's persistence package) instead.
Note that iptables rules are processed in order, so if an earlier rule in the INPUT chain already accepts incoming traffic on port 80, this rule will never be reached. Make sure it comes before any such rule in the chain, for example by inserting it with -I INPUT instead of appending it with -A INPUT.
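The following script, added here as an example and not part of the original article, wraps the steps above: it builds the connlimit rule once, installs it idempotently at the head of INPUT so the ordering caveat cannot bite, and checks a rule listing for correct ordering without needing root. The port, limit and mask values are assumptions mirroring the article's rule.

```shell
#!/bin/sh
# Added example, not from the original article: build the connlimit rule once,
# install it idempotently at the head of INPUT, and verify ordering offline.
set -eu

PORT=80    # assumed: the article's HTTP port
LIMIT=10   # assumed: the article's threshold (more than 10 open -> reject)
MASK=32    # /32 counts each IPv4 source separately (the connlimit default);
           # a smaller mask groups a whole prefix, e.g. many users behind one NAT

# One rule specification shared by -C (check), -I (insert) and -D (delete),
# so the check and the insert can never drift apart.
connlimit_rule_spec() {
    printf '%s' "-p tcp --syn --dport $1 -m connlimit --connlimit-above $2 --connlimit-mask $3 -j REJECT --reject-with tcp-reset"
}

# Insert at position 1 so the REJECT is evaluated before any ACCEPT for the
# port; -A would append it after existing rules and it might never fire.
# Requires root and the iptables binary; repeat with ip6tables for IPv6.
apply_connlimit_rule() {
    spec=$(connlimit_rule_spec "$PORT" "$LIMIT" "$MASK")
    # shellcheck disable=SC2086  # word splitting of $spec is intended
    if iptables -C INPUT $spec 2>/dev/null; then
        echo "connlimit rule already present"
    else
        iptables -I INPUT 1 $spec
    fi
}

# Read `iptables -S INPUT` output on stdin and print "ok" when the connlimit
# rule for port $1 precedes the first ACCEPT for the same port, else "misordered".
check_rule_order() {
    awk -v port="$1" '
        $0 ~ ("--dport " port "( |$)") {
            n++
            if (/-m connlimit/ && !cl) cl = n
            if (/-j ACCEPT/ && !ac) ac = n
        }
        END { if (cl && (!ac || cl < ac)) print "ok"; else print "misordered" }'
}

# Constructed sample listing (not captured from a real host) in the format
# `iptables -S INPUT` prints: the connlimit rule sits before the port-80 ACCEPT.
SAMPLE_LISTING='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 10 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT'

printf '%s\n' "$SAMPLE_LISTING" | check_rule_order 80   # prints "ok"
```

Run `iptables -S INPUT | check_rule_order 80` on a live host to confirm the rule is where it needs to be after any change to the chain.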
By using iptables to limit the number of connections per IP address, you can help protect your Linux server from abuse and maintain its availability.