Iptables question : need help =)

A discussion in the Linux Security forums, part of the System Security and Security Related category.
Hi all,

Does anybody know if it is possible to use iptables rules to allow only N sockets open per user, or deny the connection to a new socket if N are already open?

Thanks a lot, an answer would really help me ;-)

Mike
mike@cnul.org
"mcd" <mike@cnul.org> said:
> Does anybody know if it is possible to use iptables rules to allow only N
> sockets open per user, or deny the connection to a new socket if N are
> already open?

As far as I know, there isn't such functionality. What is it that you're attempting to achieve (that is, what are you trying to achieve with this limitation)?

--
Wolf a.k.a. Juha Laiho, Espoo, Finland
"...cancel my subscription to the resurrection!" (Jim Morrison)
"mcd" <mike@cnul.org> wrote in message news:<cefs43$9nk$1@news.tiscali.fr>...
> Hi all,
>
> Does anybody know if it is possible to use iptables rules to allow only N
> sockets open per user, or deny the connection to a new socket if N are
> already open?
>
> Thanks a lot,
> an answer would really help me ;-)
>
> Mike
> mike@cnul.org

Hi Mike,

please have a look at the --limit and --limit-burst flags (iptables). By using them on SYN packets you might be able to set a policy that does something similar to what you want to achieve.

Cheers,
Peter
www.dialore.com
On Sat, 31 Jul 2004 10:47:02 GMT, Juha Laiho wrote:
> "mcd" <mike@cnul.org> said:
>> Does anybody know if it is possible to use iptables rules to allow only N
>> sockets open per user, or deny the connection to a new socket if N are
>> already open?
>
> As far as I know, there isn't such functionality. What is it that you're
> attempting to achieve (that is, what are you trying to achieve with this
> limitation)?

There is an iptables module that can do that. Check for connlimit at http://www.netfilter.org/patch-o-matic/pom-base.html. It is not part of the standard kernel. It is very useful to stop p2p users from making too many connections.

--
Morten Isaksen
http://www.aub.dk/~misak/