FreeBSD
Artem, 2013-03-31 22:46:34

Limit connections from one IP with ipfw on FreeBSD

There is a need to limit the number of simultaneous connections from one IP address. I do it like this:

ipfw add 64999 allow tcp from any to 111.111.111.111 dst-port 80 limit src-addr 30
However, there is a problem here: after a while, the server is no longer available via HTTP. You delete the rule - it immediately works again. Am I doing something wrong?


3 answer(s)
microphone, 2013-03-31
@microphone

Read aloud what is written and understand what is happening:
a packet from anyone to 111.111.111.111 on port 80 is limited to 30.
On the LAN, someone else can try to go to the same 111.111.111.111.

MarlboroMan, 2013-04-01
@MarlboroMan

Is the server no longer accessible via HTTP to everyone or just to you?
Perhaps, for some reason, connections in the TIME_WAIT state hang for a long time. What does netstat -p tcp show?
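
To check the TIME_WAIT suggestion above against the limit of 30 from the question, this added example (not part of the thread) tallies connections per client address and state from `netstat -an -p tcp` output. The function names, the `-an` flags and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): per-client connection tally for one
# local port, parsed from FreeBSD-style `netstat -an -p tcp` output on stdin.
# Usage: netstat -an -p tcp | conn_per_src PORT LIMIT
conn_per_src() {
    awk -v port="$1" -v limit="$2" '
    $1 !~ /^tcp/ || NF < 6 { next }        # skip headers and short lines
    {
        loc = $4; src = $5; state = $6
        # FreeBSD joins address and port with a dot: 111.111.111.111.80
        lport = loc; sub(/^.*\./, "", lport)
        if (lport != port || state == "LISTEN") next
        sub(/\.[0-9]+$/, "", src)          # drop the client port
        total[src]++
        if (state == "ESTABLISHED") est[src]++
        if (state == "TIME_WAIT")   tw[src]++
    }
    END {
        for (s in total)
            printf "%s total=%d established=%d time_wait=%d %s\n",
                s, total[s], est[s], tw[s],
                (total[s] >= limit ? "AT_LIMIT" : "ok")
    }' | sort
}

# Constructed sample output; the client addresses are documentation ranges.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 111.111.111.111.80     203.0.113.5.51234      ESTABLISHED
tcp4       0      0 111.111.111.111.80     203.0.113.5.51235      TIME_WAIT
tcp4       0      0 111.111.111.111.80     203.0.113.5.51236      TIME_WAIT
tcp4       0      0 111.111.111.111.80     198.51.100.7.40000     ESTABLISHED
tcp4       0      0 111.111.111.111.22     198.51.100.7.40001     ESTABLISHED
tcp4       0      0 *.80                   *.*                    LISTEN
EOF
}

# Demo with a low limit of 3 so the constructed sample trips the flag.
sample_netstat | conn_per_src 80 3
```

netstat shows sockets as the server sees them, while the `limit` option counts ipfw's own dynamic rules, which `ipfw -d show` lists.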

truekenny, 2013-04-01
@truekenny

64999 allow tcp from any to me dst-port 80 setup limit src-addr 30
And if so?
