
FirewallScript connlimit doesn't work

Discussion in 'Tomato Firmware' started by merc, Jul 16, 2009.

  1. merc

    merc Addicted to LI Member


    I have searched the forum for a way to limit the number of connections of a specified IP address and found the following script:

    I put this in "Administration->Scripts->Firewall" and "Administration->Scripts->WAN Up" <- not sure if needed there.

    ... but it seems to have no effect. If I look in QoS->View Details the client sometimes has up to 100 or 150 connections and my Shoutcast stream breaks down :mad:

    Under "Logging->Connection Logging->Outbound" I set "If Blocked By Firewall", but in the logfiles there are no entries from the firewall...
    Where can I see if any connections were dropped? :confused:

    Sorry for my bad English :rolleyes:

    Greetings, merc

    Using Tomato Firmware v1.25.0103 on a Linksys WRT54GL
  2. SgtPepperKSU

    SgtPepperKSU Network Guru Member

    Change the
    -j DROP
    to
    -j LOG --log-prefix "Would drop: "
    to test what connections would be dropped (you can also include your original rule after this to actually drop them). You should see them in the syslog if they would be dropped with your original rule.

    Also, these should go in the firewall script, not WAN Up.
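    As an added example (not code from the thread), a small shell helper that prints the LOG-then-DROP rule pair described above and counts the resulting "Would drop: " syslog entries per client, which is where the dropped connections become visible. The client IP, the limit of 40 and the log lines are constructed for illustration.

    ```shell
    #!/bin/sh
    # Added example, not from the thread. Assumes a standard iptables with the
    # connlimit match, as used in a Tomato "Firewall" script. IP and limit are
    # illustrative values.

    # Print the two rules to paste into Administration->Scripts->Firewall.
    # Both use -I (insert at top), so the DROP rule is emitted first and the
    # LOG rule second; after both inserts the LOG rule sits above the DROP rule
    # and every connection over the limit is logged before it is dropped.
    connlimit_rules() {
      ip="$1"; limit="$2"
      printf 'iptables -I FORWARD -s %s -p tcp --syn -m connlimit --connlimit-above %s -j DROP\n' "$ip" "$limit"
      printf 'iptables -I FORWARD -s %s -p tcp --syn -m connlimit --connlimit-above %s -j LOG --log-prefix "Would drop: "\n' "$ip" "$limit"
    }

    # Read syslog lines on stdin and print "<count> <source-ip>" for every
    # client that hit the "Would drop: " rule, most affected client first.
    count_would_drop() {
      grep 'Would drop: ' \
        | sed -n 's/.*SRC=\([0-9.]*\).*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
    }

    # Constructed sample syslog excerpt (not real router output).
    SAMPLE_LOG='Jul 16 10:00:01 kernel: Would drop: IN=br0 OUT=vlan1 SRC=192.168.1.50 DST=203.0.113.7 PROTO=TCP SPT=51234 DPT=80
    Jul 16 10:00:02 kernel: Would drop: IN=br0 OUT=vlan1 SRC=192.168.1.50 DST=203.0.113.7 PROTO=TCP SPT=51235 DPT=80
    Jul 16 10:00:03 kernel: accepted IN=br0 OUT=vlan1 SRC=192.168.1.51 DST=203.0.113.9 PROTO=TCP SPT=40000 DPT=443
    Jul 16 10:00:04 kernel: Would drop: IN=br0 OUT=vlan1 SRC=192.168.1.60 DST=198.51.100.2 PROTO=TCP SPT=33000 DPT=8000'

    connlimit_rules 192.168.1.50 40
    printf '%s\n' "$SAMPLE_LOG" | count_would_drop
    ```

    On the router itself, replace the sample with the live log, e.g. `cat /var/log/messages | count_would_drop`.
    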
  3. merc

    merc Addicted to LI Member

    I removed the script from "WAN Up" and tested it

    under "Firewall" with my IP.
    Seems to work fine; there are now entries in the logfile with "would drop".

    I changed the IP address back now and set the limit down to 40.... Perhaps that is simply too many connections for my 768k DSL connection... will test it the next days and watch the logfile.

    Will report if it worked... thx
  4. Toastman

    Toastman Super Moderator Staff Member Member

    Many of the connections shown are actually dead and waiting to time out. You can make this happen quicker by lowering timeout values in Advanced - Conntrack. You can click on "drop idle" to quickly check how many. You'll always have some left, but you can reduce them to levels that don't affect things too badly.
