5

I have a connlimit rule in iptables that allows only 5 connections to port 80.

iptables -A FORWARD -p tcp -m tcp --syn --dport 80 -m connlimit --connlimit-above 5 --connlimit-saddr -j DROP

This rule works fine until I restore iptables. After restoring the rules, the connlimit counters start over and clients/attackers can open 5 more connections.

Is it possible to avoid this situation?

ibrahim
  • 1,067
  • 8
  • 17

1 Answer

2

Use iptables-save or iptables-restore with the -c option to include byte and packet counters.

http://www.iptables.info/en/iptables-save-restore-rules.html

Arash
  • 243
  • 1
  • 9
  • The counter is just how many times the rule has been hit, not the number of connections per tuple of IP addresses and per rule. I presume the ones who have upvoted didn't try, because it doesn't work. – Eric Sep 05 '22 at 17:30
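As the comment points out, the counters that iptables-save -c preserves are per-rule packet and byte hit counts, not connlimit's per-source connection count, which starts from zero after the rules are reloaded. A useful check after a restore is to read the router's conntrack table and count live connections per source address to the protected port, so any source already holding more than the limit is visible. The script below is an added example, not code from the original post; it parses lines in the /proc/net/nf_conntrack format (the sample entries embedded here are constructed, not captured from a real system) and skips TIME_WAIT and CLOSE entries, which connlimit also treats as closed. The limit of 5 and port 80 mirror the rule in the question.

```python
"""Count live TCP connections per source address to a destination port from
/proc/net/nf_conntrack-style lines and report sources above a limit.
Added example; not part of the original question or answer."""
import re
from collections import Counter

LIMIT = 5   # --connlimit-above 5 in the question's rule
DPORT = 80  # --dport 80 in the question's rule

# Constructed sample entries in /proc/net/nf_conntrack format. On the real
# router you would read the file itself: open("/proc/net/nf_conntrack").
SAMPLE = """\
ipv4     2 tcp      6 431990 ESTABLISHED src=203.0.113.7 dst=10.0.0.5 sport=40001 dport=80 src=10.0.0.5 dst=203.0.113.7 sport=80 dport=40001 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431988 ESTABLISHED src=203.0.113.7 dst=10.0.0.5 sport=40002 dport=80 src=10.0.0.5 dst=203.0.113.7 sport=80 dport=40002 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431985 ESTABLISHED src=203.0.113.7 dst=10.0.0.5 sport=40003 dport=80 src=10.0.0.5 dst=203.0.113.7 sport=80 dport=40003 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431980 ESTABLISHED src=203.0.113.7 dst=10.0.0.5 sport=40004 dport=80 src=10.0.0.5 dst=203.0.113.7 sport=80 dport=40004 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431970 ESTABLISHED src=203.0.113.7 dst=10.0.0.5 sport=40005 dport=80 src=10.0.0.5 dst=203.0.113.7 sport=80 dport=40005 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 55 SYN_RECV src=203.0.113.7 dst=10.0.0.5 sport=40006 dport=80 src=10.0.0.5 dst=203.0.113.7 sport=80 dport=40006 mark=0 use=1
ipv4     2 tcp      6 110 TIME_WAIT src=203.0.113.7 dst=10.0.0.5 sport=40007 dport=80 src=10.0.0.5 dst=203.0.113.7 sport=80 dport=40007 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431999 ESTABLISHED src=203.0.113.7 dst=10.0.0.5 sport=40008 dport=443 src=10.0.0.5 dst=203.0.113.7 sport=443 dport=40008 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431995 ESTABLISHED src=198.51.100.4 dst=10.0.0.5 sport=50001 dport=80 src=10.0.0.5 dst=198.51.100.4 sport=80 dport=50001 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431993 ESTABLISHED src=198.51.100.4 dst=10.0.0.5 sport=50002 dport=80 src=10.0.0.5 dst=198.51.100.4 sport=80 dport=50002 [ASSURED] mark=0 use=1
ipv4     2 tcp      6 431991 ESTABLISHED src=198.51.100.4 dst=10.0.0.5 sport=50003 dport=80 src=10.0.0.5 dst=198.51.100.4 sport=80 dport=50003 [ASSURED] mark=0 use=1
ipv4     2 udp      17 29 src=198.51.100.4 dst=10.0.0.5 sport=5353 dport=53 src=10.0.0.5 dst=198.51.100.4 sport=53 dport=5353 mark=0 use=1
"""

# Only TCP entries carry a state field; the first src/dst/sport/dport group is
# the original direction (client -> server), which is what connlimit keys on.
_TCP_ENTRY = re.compile(
    r"^ipv[46]\s+\d+\s+tcp\s+6\s+\d+\s+(?P<state>\S+)\s+"
    r"src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+sport=(?P<sport>\d+)\s+dport=(?P<dport>\d+)"
)

# States connlimit no longer counts as open connections.
_CLOSED_STATES = {"TIME_WAIT", "CLOSE"}


def count_connections(lines, dport=DPORT):
    """Return {source_ip: live_connection_count} for connections to dport."""
    counts = Counter()
    for line in lines:
        m = _TCP_ENTRY.match(line)
        if m is None:
            continue  # UDP, ICMP or an unparseable line
        if int(m.group("dport")) != dport:
            continue
        if m.group("state") in _CLOSED_STATES:
            continue
        counts[m.group("src")] += 1
    return dict(counts)


def sources_over_limit(lines, limit=LIMIT, dport=DPORT):
    """Return only the sources whose live connection count exceeds limit."""
    return {src: n for src, n in count_connections(lines, dport).items() if n > limit}


if __name__ == "__main__":
    for src, n in sorted(sources_over_limit(SAMPLE.splitlines()).items()):
        print(f"{src} has {n} live connections to port {DPORT} (limit {LIMIT})")
```

In the sample, 203.0.113.7 holds five established connections plus one in SYN_RECV, so it is reported as over the limit, while its TIME_WAIT entry and its port 443 connection are ignored; 198.51.100.4 stays under the limit. Run against the live conntrack table right after an iptables-restore, this shows which sources already hold connections that the freshly loaded connlimit rule is not counting.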