I want to limit connections to 1 per 5 seconds using iptables for people who are connecting to ports 12871/12881. I was trying to find a rule for it, but without success.
Viewed 7,218 times
-1
- I would not do that, as it would cause a connection failure to last much longer than it should. It might even last a full 5 seconds from time to time if connection rates are higher. – Michael Prokopec Nov 23 '18 at 16:35
- I lead a server in a game which has broken Easy Anti-Cheat, and if there are many connections at one time it breaks the whole server and no one can connect. So the solution is to limit connections to 1 per 5 seconds. – onStyle Nov 23 '18 at 16:36
1 Answer
0
This should help:
iptables -A INPUT -p tcp --syn --dport 12871:12881 -m connlimit --connlimit-above 15 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
This will reject connections above 15 from one source IP.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 150/second --limit-burst 160 -j ACCEPT
In this, 160 new connections (packets really) are allowed before the limit of 150 new connections (packets) per second is applied.
iptables -A INPUT -p tcp --syn --dport 12871:12881 -m connlimit --connlimit-above 3 -j REJECT
This limits each IP to 3 connections.
Got the info from: Limit max connections per IP address and new connections per second with iptables
Example: Limit Connections Per Second
The following example will drop incoming connections if an IP makes more than 3 connection attempts to ports 12871:12881 within 5 seconds.
# record every new SYN from the source, then drop the 4th and later ones seen within 5 seconds
iptables -A INPUT -p tcp --dport 12871:12881 -i eth0 -m state --state NEW -m recent --set
iptables -A INPUT -p tcp --dport 12871:12881 -i eth0 -m state --state NEW -m recent --update --seconds 5 --hitcount 4 -j DROP
Just change eth0 to your interface name.
The hitcount and seconds can be tailored to your needs.
Michael Prokopec
- It won't be enough. I need to do something like a "queue" of connections, for example 1 connection per 5 seconds. – onStyle Nov 23 '18 at 17:08
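The asker wants one new connection per 5 seconds across all clients, while the answer's `-m recent` pair is a per-source hit counter; the two behave differently, and the thresholds in both are easy to get off by one. The following is an added example, not code from the thread or from the iptables project: a small Python model of the `-m limit` token bucket (xt_limit) and the `-m recent --set` / `--update --seconds --hitcount` window (xt_recent), run over constructed SYN arrival times. For the "1 per 5 seconds" case it models a rule I am assuming, not one posted in the thread: `iptables -A INPUT -p tcp --syn --dport 12871:12881 -m limit --limit 12/minute --limit-burst 1 -j ACCEPT`, followed by a DROP for the same ports. The addresses and timings are made up.

```python
"""Model of two iptables matchers used to rate-limit new TCP connections.

Added illustration, not code from the thread: it does not run iptables, it
reproduces the documented decision logic of xt_limit (`-m limit`) and
xt_recent (`-m recent`) on constructed SYN arrival times, so the numbers in
a rule can be sanity-checked before they go on a live box. Times are integer
milliseconds; addresses and arrival times below are made up.
"""
from collections import defaultdict, deque

MS = 1000  # milliseconds per second


def limit_matches(arrivals_ms, interval_ms, burst):
    """Which packets match `-m limit --limit 1/<interval> --limit-burst <burst>`.

    xt_limit is a token bucket: a credit counter starts at burst * cost,
    refills by the time elapsed since the previous packet (capped), and each
    matching packet costs one interval. `--limit 12/minute` is a 5000 ms
    interval, so with `--limit-burst 1` exactly one SYN per 5 s matches; the
    rest do not match and fall through to whatever rule follows. The bucket
    is shared by everyone hitting the rule, it is not per source address.
    """
    cost = interval_ms
    cap = cost * burst
    credit = cap  # bucket starts full
    prev = None
    matched = []
    for t in arrivals_ms:
        if prev is not None:
            credit = min(cap, credit + (t - prev))
        prev = t
        if credit >= cost:
            credit -= cost
            matched.append(True)
        else:
            matched.append(False)
    return matched


def recent_drops(arrivals, window_ms, hitcount, list_len=20):
    """Which SYNs the rule pair below drops, tracked per source address.

        -m recent --set
        -m recent --update --seconds <window> --hitcount <hitcount> -j DROP

    arrivals is a list of (time_ms, src_ip). xt_recent keeps a ring of up to
    list_len timestamps per source (ip_pkt_list_tot, default 20). The --set
    rule records the packet first; --update then counts recorded hits inside
    the window, this packet included, and matches once the count reaches
    hitcount. So `--hitcount 3` drops the third attempt, and `--hitcount 4`
    is what "more than 3 attempts" needs. A matching --update records the
    packet again, which is why a source stays blocked as long as it retries.
    """
    stamps = defaultdict(lambda: deque(maxlen=list_len))
    dropped = []
    for t, ip in arrivals:
        stamps[ip].append(t)                                  # --set
        hits = sum(1 for s in stamps[ip] if t - s <= window_ms)
        match = hits >= hitcount                              # --update --hitcount
        if match:
            stamps[ip].append(t)                              # --update refreshes on match
        dropped.append(match)
    return dropped


def demo():
    """Run both models over a constructed burst: one SYN per second for 12 s."""
    one_per_second = [i * MS for i in range(12)]
    queue = limit_matches(one_per_second, 5 * MS, burst=1)      # the "1 per 5 s" ask
    attempts = [(t, "198.51.100.7") for t in one_per_second]    # constructed source
    hit3 = recent_drops(attempts, 5 * MS, hitcount=3)            # as posted
    hit4 = recent_drops(attempts, 5 * MS, hitcount=4)            # "more than 3"
    return {
        "limit_accepts_at_s": [t // MS for t, ok in zip(one_per_second, queue) if ok],
        "first_drop_hitcount3": hit3.index(True),
        "first_drop_hitcount4": hit4.index(True),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Both matchers count packets, not connections: a client whose SYN was dropped will retransmit it, and each retransmit spends a token from the `-m limit` bucket and adds a hit to the `-m recent` window, so a tight limit makes a burst of clients take longer to clear than the nominal rate suggests, which is the point made in the first comment above.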