I want to limit the number of TCP connections on a Linux server, so I have used the following command.
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 25 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
It seems like something is wrong and the desired results are not coming. I get the number of active connections using the following command.
netstat -n | grep ':80' | awk -F' ' '{print $5}' | awk -F':' '{print$1}' | sort | uniq -c | sort -n
Now, when I type the above command, I get the following results.
44 122.179.103.8
45 107.167.107.123
46 120.60.76.201
48 122.162.172.182
49 183.87.48.105
51 122.161.241.33
71 198.72.112.97
98 122.168.167.114
103 122.177.169.21
134 106.51.130.193
137 122.165.226.196
As you can see, there are more active TCP connections than the allowed limit of 25.
Can someone please help me with the correct command, or tell me what is going wrong here?
Best Answer
Please see here: https://unix.stackexchange.com/questions/139285/limit-max-connections-per-ip-address-and-new-connections-per-second-with-iptable
Your line seems to limit to 25 the number per IP.
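As an added illustration (not part of the question or the answer): the netstat pipeline in the question counts every socket line that mentions port 80, whatever its state, so TIME_WAIT sockets left behind by closed connections inflate the per-IP numbers, while the connlimit rule is only evaluated when a new SYN arrives. The script below counts per remote address from a constructed netstat sample, once over all states and once over ESTABLISHED only; the addresses and lines are made up.

```shell
#!/bin/sh
# Constructed sample of `netstat -n` output (not real traffic). Columns are
# proto, recv-q, send-q, local address, foreign address, state. One peer has
# several TIME_WAIT sockets that the question's pipeline counts as live.
SAMPLE='tcp        0      0 10.0.0.5:80             192.0.2.10:51000        ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.10:51001        ESTABLISHED
tcp        0      0 10.0.0.5:80             192.0.2.10:51002        TIME_WAIT
tcp        0      0 10.0.0.5:80             192.0.2.10:51003        TIME_WAIT
tcp        0      0 10.0.0.5:80             192.0.2.10:51004        TIME_WAIT
tcp        0      0 10.0.0.5:80             198.51.100.7:40000      ESTABLISHED
tcp        0      0 10.0.0.5:22             198.51.100.7:40001      ESTABLISHED'

# count_per_ip PORT [STATE]: print "<count> <remote ip>" for sockets whose
# local port is PORT. Matching on the local-address field avoids the
# question's `grep ':80'`, which also matches remote ports such as 8080.
# With STATE given, only sockets in that state are counted; without it,
# every state is counted, as the original pipeline does.
count_per_ip() {
    port=$1
    state=${2:-}
    printf '%s\n' "$SAMPLE" |
        awk -v port="$port" -v state="$state" '
            $1 == "tcp" && $4 ~ (":" port "$") && (state == "" || $6 == state) {
                split($5, a, ":")
                n[a[1]]++
            }
            END { for (ip in n) print n[ip], ip }' |
        sort -n
}

# count_for PORT IP [STATE]: the count for a single peer (empty if none).
count_for() {
    count_per_ip "$1" "$3" | awk -v ip="$2" '$2 == ip { print $1 }'
}

echo "all states on port 80:";   count_per_ip 80
echo "ESTABLISHED only on port 80:"; count_per_ip 80 ESTABLISHED
```

Run against real output with `netstat -n` (or `ss -tan`, whose column order differs) in place of the sample to see how many of the counted sockets are actually open.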