iptables dos limit for all ports

Posted by user973917 on Server Fault
Published on 2012-04-11T05:03:26Z Indexed on 2012/04/11 5:31 UTC


I know how to use the limit conntrack option to allow for DoS protection. However, I want to add a protection to limit no more than, say, 50 connections for each port. How can I do this?

Basically, I want to make sure that each port can have no more than 50 connections, rather than globally applying 50 connections (which is what #2 does I believe?)

Would I do something like:

iptables -A INPUT -p tcp --dport 1:65535 -m limit --limit 50/minute --limit-burst 50 -j ACCEPT

or

iptables -A INPUT -m limit --limit 50/minute --limit-burst 50 -j ACCEPT

© Server Fault or respective owner
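Added illustration, not part of the question or any answer on the page: a small model of how the two candidate rules behave. `-m limit` keeps one token bucket shared by every port, while a per-destination-port limit keeps one bucket per port (iptables' hashlimit match with `--hashlimit-mode dstport` is keyed that way; that match is not mentioned in the original post). Rate and burst are the question's 50/minute and 50; the SYN stream is constructed.

```python
"""Model of a global token bucket (iptables -m limit) versus one bucket per
destination port. Added example; the traffic below is constructed."""
from collections import defaultdict

RATE_PER_MIN = 50   # --limit 50/minute
BURST = 50          # --limit-burst 50


class TokenBucket:
    """Token bucket in the style of the limit match: starts full at `burst`
    tokens, refills at `rate_per_min` tokens per minute, one token per packet."""

    def __init__(self, rate_per_min=RATE_PER_MIN, burst=BURST):
        self.rate = rate_per_min / 60.0   # tokens per second
        self.burst = burst
        self.tokens = float(burst)
        self.last = 0.0

    def allow(self, t):
        self.tokens = min(self.burst, self.tokens + (t - self.last) * self.rate)
        self.last = t
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def global_limit(events):
    """Second rule in the question: one bucket for all ports.
    Returns {dstport: accepted_count}."""
    bucket = TokenBucket()
    accepted = defaultdict(int)
    for t, port in events:
        if bucket.allow(t):
            accepted[port] += 1
    return dict(accepted)


def per_port_limit(events):
    """What the poster wants: a separate bucket per destination port
    (hashlimit --hashlimit-mode dstport semantics)."""
    buckets = defaultdict(TokenBucket)
    accepted = defaultdict(int)
    for t, port in events:
        if buckets[port].allow(t):
            accepted[port] += 1
    return dict(accepted)


def make_events(ports=(22, 80, 443), per_port=40):
    """Constructed burst: SYNs to each port interleaved 1 ms apart, 120 total."""
    return [(k * 0.001, ports[k % len(ports)]) for k in range(per_port * len(ports))]
```

With 120 SYNs spread over three ports in 120 ms, the global bucket admits only 50 in total and starves the later ports, while the per-port model admits all 40 on each port because no single port exceeds its own 50.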
