Limiting the number of concurrent TCP connections from a single IP address on Linux can be done generically, for any TCP service, with the iplimit match from the netfilter patch-o-matic collection.
Practice:
Configure a Linux 2.4.20 kernel and apply the iplimit patch from the base set of patch-o-matic (available at www.netfilter.org). Compile the patched kernel and install it.
Install iptables 1.2.8 from www.netfilter.org on the system.
Example:
1. Allow at most 2 telnet connections from any single IP address to the local machine; connections beyond the limit are rejected:
iptables -I INPUT -p tcp --dport 23 -m iplimit --iplimit-above 2 -j REJECT
2. Restrict web connections to the local machine so that one class C network (a /24) may not hold more than 100 concurrent connections; connections beyond the limit are rejected:
iptables -I INPUT -p tcp --dport 80 -m iplimit --iplimit-above 100 --iplimit-mask 24 -j REJECT
Because the match is evaluated against every packet from the address block, not only connection attempts, such rules are commonly written with --syn as well, so that only new connections are tested against the limit.
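To make the counting behind these two rules concrete, the following added example (not part of the original text, and not netfilter code) models the iplimit match in Python: it counts open connections to a port from the source's /mask network and decides whether a new SYN exceeds --iplimit-above. The conntrack-style table is constructed for the example.

```python
import ipaddress

# Constructed conntrack-style table: one (source IP, destination port) entry
# per open TCP connection to the local machine.
CONNTRACK = (
    [("10.0.0.5", 23), ("10.0.0.5", 23), ("10.0.0.6", 23)]
    + [(f"10.1.2.{i}", 80) for i in range(1, 101)]  # 100 web clients in 10.1.2.0/24
)


def count_connections(table, src_ip, port, mask=32):
    """Count connections to `port` whose source lies in src_ip's /mask network.
    --iplimit-mask sets the prefix length the match aggregates over; the
    default of 32 means a single address."""
    net = ipaddress.ip_network(f"{src_ip}/{mask}", strict=False)
    return sum(1 for src, dport in table
               if dport == port and ipaddress.ip_address(src) in net)


def syn_rejected(table, src_ip, port, above, mask=32):
    """Decide whether a new SYN from src_ip to port would match
    -m iplimit --iplimit-above ABOVE --iplimit-mask MASK -j REJECT.
    The new connection is itself included in the count, so a limit of 2
    rejects the third connection from the same source block."""
    return count_connections(table + [(src_ip, port)], src_ip, port, mask) > above


if __name__ == "__main__":
    # Rule 1: telnet, at most 2 connections per single address
    print(syn_rejected(CONNTRACK, "10.0.0.5", 23, above=2))   # True: third from same host
    print(syn_rejected(CONNTRACK, "10.0.0.6", 23, above=2))   # False: second from another host
    # Rule 2: web, at most 100 connections per /24
    print(syn_rejected(CONNTRACK, "10.1.2.200", 80, above=100, mask=24))  # True: 101st in 10.1.2.0/24
    print(syn_rejected(CONNTRACK, "10.1.3.1", 80, above=100, mask=24))    # False: different /24
```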