IPTables connlimit not working?
I'm trying to rate throttle a subnet. I do this:
iptables -A INPUT -p tcp --syn --dport 80 -s 161.129.70.0/24 -m connlimit --connlimit-above 1 --connlimit-mask 24 -j REJECT --reject-with tcp-reset
Listing the INPUT chain shows it's in there:
Chain INPUT (policy DROP)
target prot opt source destination
...
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53
LOGDROPIN all -- 0.0.0.0/0 0.0.0.0/0
REJECT tcp -- 161.129.70.0/24 0.0.0.0/0 tcp dpt:80 flags:0x17/0x02 #conn src/24 > 1 reject-with tcp-reset
But when more than 1 connection from that subnet hits port 80 it's still allowed in. I can connect like 3 times. Why? I'm manually doing this iptables command from the command line after csf has run and all the iptables rules are already set up and running. Does that matter?
I know there is a CONNLIMIT option in csf.conf, but that applies to everything, I only want to limit one or two subnets.
I see, I have to -I not -A it.
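The reason -A did not work is rule order: an appended rule lands after csf's LOGDROPIN catch-all (all/0.0.0.0/0), so no packet ever reaches it, while -I puts it at the top of the chain. As an added example (not from this thread or from csf), the Python check below parses an iptables -L -n style listing modelled on the one in the question and reports whether the connlimit rule is shadowed by an earlier catch-all, first as appended and then as if inserted at the top; it assumes LOGDROPIN terminates (logs and drops) rather than returning.

```python
import ipaddress

# Constructed listing, modelled on the INPUT chain shown in the question (iptables -L -n style).
LISTING = """\
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53
LOGDROPIN all -- 0.0.0.0/0 0.0.0.0/0
REJECT tcp -- 161.129.70.0/24 0.0.0.0/0 tcp dpt:80 flags:0x17/0x02 #conn src/24 > 1 reject-with tcp-reset
"""

def parse_chain(text):
    """Return (chain name, rules) from a listing; rules are dicts in chain order."""
    lines = text.strip().splitlines()
    chain = lines[0].split()[1]
    rules = []
    for line in lines[2:]:  # skip the "Chain ..." and column-header lines
        parts = line.split(None, 5)
        target, proto, _opt, src, dst = parts[:5]
        extra = parts[5] if len(parts) > 5 else ""  # match extensions, if any
        rules.append({"target": target, "proto": proto, "src": src, "dst": dst, "extra": extra})
    return chain, rules

def covers(outer, inner):
    """True if network `outer` contains network `inner`."""
    return ipaddress.ip_network(inner).subnet_of(ipaddress.ip_network(outer))

def is_catch_all(rule, later):
    """An earlier rule with no match extensions whose proto/src/dst span `later`'s traffic
    ends evaluation first. Assumption: LOGDROPIN (csf's log-and-drop chain) never RETURNs."""
    if rule["extra"] or rule["proto"] not in ("all", later["proto"]):
        return False
    return covers(rule["src"], later["src"]) and covers(rule["dst"], later["dst"])

def shadowed_by(rules, index):
    """Position of the first earlier rule that makes rules[index] unreachable, else None."""
    for i, rule in enumerate(rules[:index]):
        if is_catch_all(rule, rules[index]):
            return i
    return None

def connlimit_reachable(text):
    """Check the connlimit rule as appended (-A) and again as if inserted at the top (-I)."""
    _, rules = parse_chain(text)
    idx = next(i for i, r in enumerate(rules) if "#conn" in r["extra"])
    appended = shadowed_by(rules, idx)                         # -A: rule sits at the end
    reordered = [rules[idx]] + rules[:idx] + rules[idx + 1:]  # -I: rule moves to position 1
    inserted = shadowed_by(reordered, 0)
    return appended, inserted

if __name__ == "__main__":
    a, i = connlimit_reachable(LISTING)
    print(f"appended (-A): shadowed by rule #{a}" if a is not None else "appended (-A): reachable")
    print("inserted (-I): reachable" if i is None else f"inserted (-I): shadowed by rule #{i}")
```

Run it against your own `iptables -L INPUT -n` output to confirm the connlimit rule sits above csf's catch-all after the -I.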
Hi Scott, Thanks for sharing the outcome! I've marked this thread as solved.