connlimit with iptable

Support for security such as Firewalls and securing linux
mario_almeida
Posts: 3
Joined: 2009/07/02 05:15:44

connlimit with iptable

Postby mario_almeida » 2009/07/02 05:25:37

Hi All,

Can someone tell me how to enable the connlimit module for iptables?

//Remy

pschaff
Retired Moderator
Posts: 18276
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America

Re: connlimit with iptable

Postby pschaff » 2009/07/02 21:48:58

Apparently not easily. From a google on


connlimit iptables site:centos.org

http://lists.centos.org/pipermail/cento ... 59656.html

Please do the "Required reading" and do not multi-post. Another moderator already removed multiple duplicates of your post.

thewebhostingdi
Posts: 11
Joined: 2009/08/03 18:27:55

Re: connlimit with iptable

Postby thewebhostingdi » 2009/08/16 05:30:21

add -m connlimit --connlimit-above

iptables -m connlimit

Other options are set at the following location:

/etc/sysconfig/iptables-config

familyguy
Posts: 96
Joined: 2008/03/21 23:06:21

Re: connlimit with iptable

Postby familyguy » 2009/08/26 15:37:31

Given the complexity of installing a non-standard kernel, can anyone offer advice on achieving similar functionality to connlimit? One of my machines is constantly being beaten up (though it is overengineered enough to take the bogus workload in stride). It's usually a dozen or so IPs simultaneously hitting port 80 scanning for SQL injection opportunities in PHP scripts. The remote IP will connect hundreds or thousands of times, each time from a different source port. Ideally, I'd like to just pick some arbitrary cutoff (say 30 connections within a minute) and drop subsequent connections after that threshold is met.

Any suggestions?

Edit: found this in the wiki and seasoned to taste (does this look like it will work as expected?):

iptables -A INPUT -p tcp --dport 80 --syn -m limit --limit 1/m --limit-burst 30 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 --syn -j DROP
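The two rules above and the earlier `-m connlimit --connlimit-above` suggestion behave quite differently, and the difference matters for the "will it work as expected?" question. `-m limit` keeps one token bucket per rule, shared by every source address: once 30 SYNs have used up the burst, the rule refills at one token per minute for all clients together, so the second rule drops SYNs from legitimate visitors as well as from the scanners. `-m hashlimit --hashlimit-mode srcip` keeps a bucket per source, and `-m connlimit` counts concurrent tracked connections per source rather than a rate. The following Python model is an added illustration written for this thread, not kernel code or anything from the CentOS wiki; it simplifies the netfilter implementations to a plain token bucket and a per-source connection count, and the IP addresses and SYN trace are constructed test data.

```python
"""
Model of the netfilter matches discussed in this thread, so the behaviour of
the posted rules can be checked without touching a live firewall.

Assumptions (added illustration, not the kernel's own code):
  * `-m limit --limit R/m --limit-burst B` is a single token bucket per rule,
    holding at most B tokens and refilled at R tokens per minute.
  * `-m hashlimit --hashlimit-mode srcip` is the same bucket kept per source.
  * `-m connlimit --connlimit-above N` matches when the number of tracked
    connections from a source, counting the new one, exceeds N.
"""
from collections import defaultdict


class TokenBucket:
    """Simplified token bucket: one token is spent per matching packet."""

    def __init__(self, rate_per_min, burst):
        self.rate = rate_per_min / 60.0  # tokens added per second
        self.burst = burst
        self.tokens = float(burst)       # bucket starts full, like xt_limit
        self.last = 0.0

    def allow(self, now):
        # Refill for the time elapsed since the last packet, capped at burst.
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def apply_syn_rules(syns, rate_per_min=1, burst=30, per_source=False):
    """Evaluate the ACCEPT/DROP pair from the thread over a list of
    (timestamp_seconds, source_ip) SYN arrivals.

    per_source=False models `-m limit` (one bucket shared by all sources).
    per_source=True models `-m hashlimit --hashlimit-mode srcip`.
    Returns one verdict string per SYN, in order.
    """
    buckets = defaultdict(lambda: TokenBucket(rate_per_min, burst))
    verdicts = []
    for ts, src in syns:
        key = src if per_source else "*"  # "*" = the single shared bucket
        verdicts.append("ACCEPT" if buckets[key].allow(ts) else "DROP")
    return verdicts


def connlimit_verdict(open_connections, src, above):
    """`-m connlimit --connlimit-above <above> -j DROP` for one new connection.

    open_connections: dict source_ip -> connections already tracked for it.
    The new connection is counted as well before comparing against the limit.
    """
    count = open_connections.get(src, 0) + 1
    return "DROP" if count > above else "ACCEPT"


def summarize(syns, verdicts):
    """Per-source ACCEPT/DROP counts, to make a trace readable."""
    out = defaultdict(lambda: {"ACCEPT": 0, "DROP": 0})
    for (_, src), verdict in zip(syns, verdicts):
        out[src][verdict] += 1
    return dict(out)


# Constructed trace: one scanner sends 40 SYNs half a second apart, then a
# single legitimate client connects once. Addresses are from the
# documentation ranges (TEST-NET-2 / TEST-NET-3), not real hosts.
SCANNER = "198.51.100.7"
CLIENT = "203.0.113.9"
SYNS = [(i * 0.5, SCANNER) for i in range(40)] + [(25.0, CLIENT)]

if __name__ == "__main__":
    print("shared bucket (-m limit):     ",
          summarize(SYNS, apply_syn_rules(SYNS)))
    print("per-source bucket (hashlimit):",
          summarize(SYNS, apply_syn_rules(SYNS, per_source=True)))
    print("connlimit, scanner at 30 open:",
          connlimit_verdict({SCANNER: 30}, SCANNER, 30))
    print("connlimit, client at 0 open:  ",
          connlimit_verdict({SCANNER: 30}, CLIENT, 30))
```

With the shared bucket the scanner spends all 30 burst tokens in its first 15 seconds, and the legitimate client's SYN ten seconds later is dropped too, because the whole rule is refilling at one token per minute. With a per-source bucket, or with connlimit counting concurrent connections per source, the scanner is still cut off at 30 while the client is accepted, which is the behaviour familyguy actually wanted.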