Iptables – Limit maximum incoming connections to a port using iptables

Tags: iptables, port

I have a server that has apache listening on a number of ports. Some ports are used for configuring the server, and another is used to download large files.

My problem is that when I have a large number of clients downloading files, the web interface is uncontactable. I would like to limit the number of clients connecting on the "large file" port so that apache always has available connections to configure the server. A REJECT is fine; the client trying to download the file will back off and retry later. Each client only has one connection open to the server at a time, so limiting by IP won't work.

I know I could put something in front of apache to manage this, but I'd really like to do it in iptables, without adding more software.

Best Answer

You could try --connlimit with the --connlimit-mask option to set a mask of 0.

iptables -A INPUT -p tcp --dport XXY -m connlimit --connlimit-above 5 --connlimit-mask 0 -j REJECT

Where XXY is the port that you want to rate-limit connections to.
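As an added example that is not part of the original answer, the rule above expanded into a small script. The port 8081 and the limit of 5 are assumed placeholders. It adds --syn so that only new connection attempts are matched (without it, packets of downloads that are already in progress can be rejected mid-stream once the count is over the limit), inserts the rule at position 1 so it is evaluated before any earlier ACCEPT for the port or for ESTABLISHED traffic, and rejects with a TCP reset so the client sees an immediate refusal instead of a timeout. By default it only prints the commands for review; --apply runs them.

```shell
#!/bin/sh
# Added example, not part of the original answer. Assumptions: the download
# port is 8081 and at most 5 simultaneous downloads are wanted; both are
# placeholders. Without --apply the script only prints the rules for review;
# with --apply it runs them (root and the xt_connlimit module are required).

# connlimit_rules PORT MAX
# Prints the iptables/ip6tables commands that cap the total number of TCP
# connections to PORT at MAX, regardless of source address.
connlimit_rules() {
    port="$1"
    max="$2"
    # -I INPUT 1 inserts at the top of INPUT so the rule is evaluated before
    # any earlier ACCEPT for the port or for ESTABLISHED traffic (-A would
    # land after them and never match).
    # --syn limits the match to new connection attempts, so packets belonging
    # to connections that are already open are never rejected mid-stream.
    # --connlimit-mask 0 collapses every source address into one bucket, so
    # the count is for the port as a whole rather than per client IP.
    # --reject-with tcp-reset sends an RST, which the client treats as an
    # immediate refusal rather than waiting for a timeout.
    printf 'iptables -I INPUT 1 -p tcp --dport %s --syn -m connlimit --connlimit-above %s --connlimit-mask 0 -j REJECT --reject-with tcp-reset\n' "$port" "$max"
    # Same cap for IPv6 clients, in case apache listens on v6 as well.
    printf 'ip6tables -I INPUT 1 -p tcp --dport %s --syn -m connlimit --connlimit-above %s --connlimit-mask 0 -j REJECT --reject-with tcp-reset\n' "$port" "$max"
}

# show_status PORT
# Checks that the cap is in place and working: the pkts counter on the
# connlimit rule is the number of rejected attempts, and ss shows how many
# downloads are currently open on the port.
show_status() {
    port="$1"
    iptables -L INPUT -v -n --line-numbers | grep -e connlimit -e 'pkts'
    echo "established connections to port $port:"
    ss -Htn state established "( sport = :$port )" | wc -l
}

case "${1:-}" in
    --apply)  connlimit_rules "${2:-8081}" "${3:-5}" | sh -e ;;
    --status) show_status "${2:-8081}" ;;
    *)        connlimit_rules "${2:-8081}" "${3:-5}" ;;
esac
```

Run it once with no arguments to see the exact rules, then with --apply to install them and --status to confirm the counters move while clients are being turned away. Note that connlimit counts entries in the connection tracking table, so connections that apache has closed drop out of the count only after conntrack has seen them finish; the cap is on open connections, not on a rate.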