Connection limit protection configures iptables to offer protection from DoS attacks against specific ports. It can also be used simply to limit resource usage per IP address for specific server services. This option limits the number of new concurrent connections per IP address that can be made to specific ports.
• This feature does not work on servers that do not have the iptables module xt_connlimit loaded.
• The protection can only be applied to the TCP protocol.
• Existing connections are not included in the count, only new SYN packets, i.e. new connections.
• Run /etc/csf/csftest.pl to check whether this option will function on the server.
Format: a comma-separated list of `port;limit` pairs.

```
CONNLIMIT = "22;5,80;20"
```
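As an added illustration (not csf's own code), the following parses a CONNLIMIT value, renders the kind of per-source-IP `connlimit` rule it implies, and checks for the xt_connlimit module. The exact chain layout csf uses and the sample /proc/modules text are assumptions.

```python
"""Parse a csf CONNLIMIT value and show the iptables rules it implies."""
import re

# Constructed sample of /proc/modules content (not taken from a real host).
SAMPLE_PROC_MODULES = """\
xt_connlimit 16384 2 - Live 0x0000000000000000
nf_conntrack 172032 5 xt_connlimit - Live 0x0000000000000000
"""


def parse_connlimit(value):
    """Turn "port;limit,port;limit" into [(port, limit), ...]; reject bad entries."""
    rules = []
    for entry in value.split(","):
        entry = entry.strip()
        if not entry:
            continue
        m = re.fullmatch(r"(\d{1,5});(\d+)", entry)
        if not m:
            raise ValueError(f"bad CONNLIMIT entry: {entry!r}")
        port, limit = int(m.group(1)), int(m.group(2))
        if not 1 <= port <= 65535 or limit < 1:
            raise ValueError(f"out-of-range CONNLIMIT entry: {entry!r}")
        rules.append((port, limit))
    return rules


def iptables_rules(rules, chain="INPUT"):
    """Render one connlimit rule per port. --syn matches only new TCP connections
    (existing ones are not counted, as the page states) and --connlimit-mask 32
    makes the limit per source IPv4 address. The chain name is an assumption."""
    return [
        f"iptables -I {chain} -p tcp --syn --dport {port} "
        f"-m connlimit --connlimit-above {limit} --connlimit-mask 32 -j DROP"
        for port, limit in rules
    ]


def has_connlimit_module(proc_modules_text):
    """True if xt_connlimit appears in /proc/modules output (required for this feature)."""
    return any(line.split()[0] == "xt_connlimit"
               for line in proc_modules_text.splitlines() if line.strip())


if __name__ == "__main__":
    for cmd in iptables_rules(parse_connlimit("22;5,80;20")):
        print(cmd)
    print("xt_connlimit loaded:", has_connlimit_module(SAMPLE_PROC_MODULES))
```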
| File | Description |
|---|---|
| /etc/csf/csf.conf | CONNLIMIT configuration option |
| /usr/local/csf/tpl/connectiontracking.txt | Connection tracking alert template |