Use iptables to limit the number of connections of the same ip address

Source: Internet
Author: User
The rule below allows at most 30 concurrent connections from any one source IP address:

iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 30 -j REJECT
# Allow at most 30 connections from a single IP address.

Besides connlimit, iptables can use the recent module to block a flood of new requests from one source.
The newer iptables provides a simple and efficient feature that prevents one source IP address from opening too many connections in a very short time. This kind of blocking is very popular, especially on large forum sites, where a burst of accesses to a page, whether unwitting or deliberate, opens too many connections in an instant and leaves the server sluggish.
In this case, the following three commands are required:
iptables -I INPUT -p tcp --dport 80 -d SERVER_IP -m state --state NEW -m recent --name httpuser --set
iptables -A INPUT -m recent --update --name httpuser --seconds 60 --hitcount 9 -j LOG --log-prefix 'http attack :'
iptables -A INPUT -m recent --update --name httpuser --seconds 60 --hitcount 9 -j DROP
Replace SERVER_IP with the IP address of the attacked server.
1. The first line uses -I, which inserts the rule at the top of the INPUT chain. The match is: the packet is TCP, the destination port is 80, the destination IP address is our own machine, and the connection is NEW (just being established). Every packet that matches is recorded in the httpuser list (--set).
2. The second line uses -A, which appends the rule to the end of the INPUT chain. If the same source keeps opening new connections and the 9th connection within 60 seconds is reached, a log record is written for that connection; the log line starts with "http attack :". Each time the rule matches, --update refreshes that source's timestamp in the httpuser list.
3. The third line also uses -A and has the same match condition, but its action is to DROP the connection.
Therefore, these three rules allow a client eight connections to the server per minute. The exact value is up to the administrator. The same rules can be applied to other services open to the Internet, such as port 22 (SSH) and port 25 (SMTP).
Why is the new iptables so effective at blocking? Because earlier versions of iptables did not have these modules, the blocking had to be done from the operating system shell, periodically checking the network connections and adding block rules. The former works entirely at the network layer, while the latter is (relatively speaking) a large amount of work at the application layer. Imagine a server that is already being flooded by abusive clients: it then also has to spend CPU time periodically running software to find and block them.
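As an added example (not code from the article), the following Python model reproduces the sliding-window behaviour of the three recent-module rules for a single source address, so the "eight per minute" figure can be checked without touching a live firewall. RecentList, process_new_connection, simulate and the address 192.0.2.10 are constructed for the illustration; the 20-stamp cap mirrors xt_recent's default ip_pkt_list_tot.

```python
"""Model of the article's three xt_recent rules (added example, not iptables code)."""
from collections import defaultdict

WINDOW_SECONDS = 60   # --seconds 60
HITCOUNT = 9          # --hitcount 9
MAX_STAMPS = 20       # xt_recent default ip_pkt_list_tot: stamps kept per address


class RecentList:
    """One named list (e.g. 'httpuser'): source IP -> timestamps seen."""

    def __init__(self):
        self.entries = defaultdict(list)

    def set(self, ip, now):
        """--set: record the packet, keeping only the newest MAX_STAMPS stamps."""
        stamps = self.entries[ip]
        stamps.append(now)
        del stamps[:-MAX_STAMPS]

    def update(self, ip, now, seconds=WINDOW_SECONDS, hitcount=HITCOUNT):
        """--update --seconds --hitcount: True when the address already has at
        least `hitcount` stamps inside the window; a match refreshes the entry."""
        stamps = self.entries.get(ip)
        if not stamps:
            return False
        hits = sum(1 for t in stamps if now - t <= seconds)
        if hits < hitcount:
            return False
        stamps.append(now)
        del stamps[:-MAX_STAMPS]
        return True


def process_new_connection(recent, ip, now, logs):
    """Walk one NEW tcp/80 packet through the rules in chain order.
    Returns 'DROP' or 'ACCEPT' (fell through to whatever rules follow)."""
    recent.set(ip, now)                      # rule 1: --set (no target, continue)
    if recent.update(ip, now):               # rule 2: -j LOG, packet continues
        logs.append(f"http attack : SRC={ip} t={now}")
        recent.update(ip, now)               # rule 3: same match, -j DROP
        return "DROP"
    return "ACCEPT"


def simulate(arrivals, ip="192.0.2.10"):
    """Constructed input: arrival times in seconds of NEW connections from `ip`.
    Returns the verdict for each arrival, in order."""
    recent, logs = RecentList(), []
    return [process_new_connection(recent, ip, t, logs) for t in arrivals]
```

Ten connections within ten seconds yield eight ACCEPTs and then DROPs, while one connection every ten seconds is never blocked, because at most seven stamps ever fall inside a 60-second window.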
If the preceding command is executed, the following error is returned:
Iptables: No chain/target/match by that name
This means the connlimit or recent match module was not selected when the kernel was compiled; you need to enable it and recompile. Another possibility is that the shared kernel provided by the hosting company on your server does not enable this feature, and because the kernel is shared, you have no right to recompile it.
