Configure the tracking of all connections from IP addresses to the server.
```bash
juggernaut --task=lfd:tracking:connection
```
Option | Value | Default | Description |
---|---|---|---|
--CT_LIMIT | <0\|10-1000> | 500 | Enable the tracking of all connections from IP addresses to the server. If the total number of connections is greater than this option then the offending IP address is blocked. This can help stop some types of DoS attack. To disable this option, set it to 0. Warning: Do not set this number too low. A recommended setting would be around 500. |
--CT_SUBNET_LIMIT | <digit> | 0 | If the total number of connections from a class C subnet is greater than this value then the offending subnet is blocked according to the other CT_* settings. This option can be used to help prevent some types of DoS attack where a range of IPs between x.y.z.1-255 has connected to the server. If you use a reverse proxy service such as Cloudflare you should not enable this option, or should exclude the ports that you have proxied in CT_PORTS. To disable this feature, set this to 0. Warning: Do not set this number too low. |
--CT_INTERVAL | <10-3600> | 30 | The number of seconds between connection tracking scans. |
--CT_PERMANENT | <1\|0> | 0 | Enable permanent blocking for an IP address when blocked due to connection tracking. |
--CT_BLOCK_TIME | <digit> | 1800 | The interval in seconds that the IP will remain blocked for. |
--CT_SKIP_TIME_WAIT | <1\|0> | 0 | Do not count the TIME_WAIT state against the connection count. |
--CT_STATES | <string1,string2> | | Only count specific states (e.g. SYN_RECV,TIME_WAIT) for connection tracking. An empty value will count all states against CT_LIMIT. |
--CT_STATES_add | <string> | | Add a single entry to CT_STATES. |
--CT_STATES_del | <string> | | Remove a single entry from CT_STATES. |
--CT_PORTS | <digit1,digit2> | | Only count specific ports (e.g. 80,443) for connection tracking. An empty value will count all ports against CT_LIMIT. |
--CT_PORTS_add | <digit> | | Add a single entry to CT_PORTS. |
--CT_PORTS_del | <digit> | | Remove a single entry from CT_PORTS. |
--default | <yes> | | Reset all settings to their default values. |
--default_option | <option> | | Reset a specific setting to its default value. |
--restart | <yes> | | Restart the service after saving settings. |
```bash
# set the CT_LIMIT
juggernaut --task=lfd:tracking:connection --CT_LIMIT=300 --restart=yes
# reset CT_LIMIT back to default
juggernaut --task=lfd:tracking:connection --default_option=CT_LIMIT --restart=yes
# reset all settings back to default
juggernaut --task=lfd:tracking:connection --default=yes --restart=yes
```
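Because the option descriptions warn against setting the limits too low, candidate values can be dry-run against a connection listing before they are saved. The following is an added example, not code from this page or from lfd: the function name `over_limit`, the constructed sample lines in `netstat -tn` column order, and the assumption that the state and port filters apply to both the per-IP and per-subnet counts are all illustrative.

```python
"""Dry run of CT_* thresholds over netstat-style lines (added example, not lfd's code)."""
import ipaddress
from collections import Counter

# Constructed sample, `netstat -tn` column order: proto recv-q send-q local remote state.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE = (
    [f"tcp 0 0 203.0.113.10:443 198.51.100.7:{40000 + i} ESTABLISHED" for i in range(12)]
    + [f"tcp 0 0 203.0.113.10:443 198.51.100.7:{41000 + i} TIME_WAIT" for i in range(5)]
    + [f"tcp 0 0 203.0.113.10:80 192.0.2.{h}:50000 SYN_RECV" for h in range(1, 9)]
    + ["tcp 0 0 203.0.113.10:22 192.0.2.200:50022 ESTABLISHED"]
)


def over_limit(lines, ct_limit=500, ct_subnet_limit=0, ct_states=(),
               ct_ports=(), ct_skip_time_wait=False):
    """Return (ips, subnets) whose connection count is greater than the limits.

    Assumption: the state and port filters apply to both counts; 0 disables a limit.
    """
    per_ip, per_net = Counter(), Counter()
    for line in lines:
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp"):
            continue  # header, UDP or malformed line
        local, remote, state = fields[3], fields[4], fields[5]
        if state == "LISTEN":
            continue  # listening sockets have no remote peer
        if ct_skip_time_wait and state == "TIME_WAIT":
            continue
        if ct_states and state not in ct_states:
            continue
        if ct_ports and int(local.rsplit(":", 1)[1]) not in ct_ports:
            continue
        ip = ipaddress.ip_address(remote.rsplit(":", 1)[0])
        per_ip[str(ip)] += 1
        if ip.version == 4:  # "class C" is read here as the IPv4 /24
            per_net[str(ipaddress.ip_network(f"{ip}/24", strict=False))] += 1
    ips = sorted(ip for ip, n in per_ip.items() if ct_limit and n > ct_limit)
    nets = sorted(net for net, n in per_net.items()
                  if ct_subnet_limit and n > ct_subnet_limit)
    return ips, nets


if __name__ == "__main__":
    # Candidate settings to evaluate before saving them with juggernaut.
    print(over_limit(SAMPLE, ct_limit=15))
    print(over_limit(SAMPLE, ct_limit=15, ct_skip_time_wait=True))
    print(over_limit(SAMPLE, ct_subnet_limit=8, ct_ports={80}))
```

On the sample, the single client exceeds a limit of 15 only while TIME_WAIT sockets are counted, and the subnet of one-connection hosts is flagged only when every port is counted.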