I need to limit access to some port per IP. Let's say 5 connections per minute – not more.
I've seen iptables recent, connlimit and limit, but none of them fits exactly what I need.
Suppose you have a client trying to connect every second. In my scenario I need to allow 5 packets each minute.
recent: If some IP tries to connect every second, --hitcount 5 will memorize this IP and keep it in the list until no packets come within the --seconds 60 window. So it will limit the client permanently in my scenario.
limit: This one limits as I wish with --limit 5/min, but for all IPs; there is no way to specify this per IP.
connlimit: Limits the number of simultaneous connections, not per unit of time.
In fact, I need a mixture of limit + recent. Does anyone know how to do it?
Best Answer
I think that this is what you need to limit each source IP to a specified rate.
Detailed examples are given in the URLs below.
http://www.mauromascia.com/blog/limiting-concurrent-connections-per-ip/?lang=it
http://etel.wiki.oreilly.com/wiki/index.php/SIP_DoS/DDoS_Mitigation
http://ipset.netfilter.org/iptables-extensions.man.html
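As an added example (not the question's or the answer's own code), here is a per-source-IP rate limit built on the iptables hashlimit match, which is documented in the iptables-extensions man page linked above. hashlimit is a per-key version of limit: with --hashlimit-mode srcip every source address gets its own token bucket, so the first BURST connection attempts pass immediately and after that one attempt per RATE interval is accepted, with no permanent lockout of a source that keeps retrying. The protocol, port, rate and burst values, the DRY_RUN switch and the table name are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original question or answer. It uses the
# iptables "hashlimit" match, which keeps one token bucket per source address
# (--hashlimit-mode srcip), i.e. "limit" but per IP. A client that has used up
# its allowance is only delayed until its bucket refills, not remembered for
# as long as it keeps knocking.
#
# Port, rate and burst below are assumed values for illustration.
# DRY_RUN=1 (the default) prints the iptables commands instead of running them,
# so the script can be inspected without root; DRY_RUN=0 applies them.

DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# per_ip_rate_limit PROTO PORT RATE BURST
#   PROTO  tcp or udp
#   PORT   destination port to protect
#   RATE   sustained allowance per source IP, e.g. 5/minute (one token every 12 s)
#   BURST  tokens a fresh source starts with, which is also the bucket's maximum
per_ip_rate_limit() {
    proto="$1"; port="$2"; rate="$3"; burst="$4"

    # Count only connection attempts (conntrack state NEW), not every packet of
    # a session that was already accepted; otherwise a permitted client would
    # be throttled mid-stream.
    #
    # Rule 1: a source whose bucket is empty (--hashlimit-above) is dropped.
    # --hashlimit-htable-expire 60000 forgets sources idle for 60 s so the
    # per-IP table cannot grow without bound. The table name is an assumption.
    run iptables -A INPUT -p "$proto" --dport "$port" \
        -m conntrack --ctstate NEW \
        -m hashlimit --hashlimit-mode srcip \
            --hashlimit-above "$rate" --hashlimit-burst "$burst" \
            --hashlimit-name "ratelimit_${proto}_${port}" \
            --hashlimit-htable-expire 60000 \
        -j DROP

    # Rule 2: attempts still within the allowance are accepted.
    run iptables -A INPUT -p "$proto" --dport "$port" \
        -m conntrack --ctstate NEW \
        -j ACCEPT
}

# Example: at most 5 new TCP connections per minute per source IP to port 2222,
# the first 5 accepted at once (assumed values).
per_ip_rate_limit tcp 2222 5/minute 5
```

The two rules assume the usual `-m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT` rule already sits earlier in INPUT, so packets of accepted sessions keep flowing. To make a whole subnet share one bucket, add `--hashlimit-srcmask` with the prefix length; for IPv6 repeat the rules with ip6tables. Active buckets can be inspected under /proc/net/ipt_hashlimit/ratelimit_tcp_2222 while the rule is loaded.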