How to reject more than 100 connections by using iptables command?

Discussion in 'DD-WRT Firmware' started by minlab, Feb 20, 2008.

  1. minlab

    Hey there,

    I was using the following command to reject > 100 connections for the specific IP address. It doesn't seem to work correctly; would you please help me check the command?


    iptables -I FORWARD -p tcp -s -m connlimit --connlimit-above 20 -j REJECT

  2. minlab

    I saw a topic regarding this


    But it doesn't work on DD-WRT V24 RC6. Any suggestions on this?

    Thank you

    #start of script
    modprobe ipt_connlimit
    iptables -A FORWARD -p tcp --syn -s x.x.x.x -m connlimit --connlimit-above ttt -j REJECT
    iptables -A FORWARD -p tcp --syn -d x.x.x.x -m connlimit --connlimit-above ttt -j REJECT
    #end of script

    x.x.x.x - the client IP
    ttt - the maximum number of simultaneously open connections; above that they will be rejected
    Set it for your clients, e.g. 100-150 connections per IP, and your problems are solved.
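
A dry-run generator for the per-client rules quoted in the post above, added here as an example and not part of the original thread. The address 192.168.1.50, the limit 100 and the function names are assumptions; it uses -I as in the first post because a rule appended with -A is never reached when an earlier FORWARD rule already accepts the packet.

```shell
#!/bin/sh
# Added example: dry-run generator for the per-client connlimit rules.
# 192.168.1.50 and 100 below are constructed sample values.

# Succeed only if $1 is a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split the address on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the two rules for one client, or fail on bad input.
# An empty address would leave a bare "-s" behind, as in the first post.
connlimit_rules() {
    ip=$1 limit=$2
    valid_ipv4 "$ip" || { echo "bad client IP: '$ip'" >&2; return 1; }
    case "$limit" in
        ''|*[!0-9]*|0*) echo "bad limit: '$limit'" >&2; return 1 ;;
    esac
    # --syn restricts each rule to new connection attempts, so packets of
    # connections that are already open are not rejected.
    printf 'iptables -I FORWARD -p tcp --syn -s %s -m connlimit --connlimit-above %s -j REJECT\n' "$ip" "$limit"
    # connlimit groups by source address by default, so this second rule
    # caps each remote host's connections to the client.
    printf 'iptables -I FORWARD -p tcp --syn -d %s -m connlimit --connlimit-above %s -j REJECT\n' "$ip" "$limit"
}

# Dry run: prints the commands only. Review them, then pipe to sh on the
# router (after "modprobe ipt_connlimit") to apply.
connlimit_rules 192.168.1.50 100
```

After applying, `iptables -L FORWARD -v -n` shows per-rule packet counters, which tell you whether the rules are being hit at all.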
  3. minlab

    Any comments, please?
  4. szfong

    Try MAC address filtering when all else fails! hehe ;-) Must be running a half dozen torrents?? :-( or dd-wrt "Special" (requires purchase to have better bandwidth controls).
  5. minlab

    Hey szfong, thanks for your comments.

    You are right, someone was using uTorrent to download files all the time. I would like to set a max. connection limit for the IP or MAC, so the IP will not "SUCK OUT" all the rest of the broadband.

    Any suggestion for the command?

    SNOW Today, keep warm!
  6. szfong

    Limit his bandwidth with the "Special" version of dd-wrt. It'll auto cut the # of connections once you limit that particular MAC. Also, lowering the conn. timeout will auto cut the # of connections as well.
  7. minlab

    I am using a Linksys WRT150N; does the "Special" version support it?

  8. deathevor


    You wrote in my post that you have this problem! So now I found the problem.
    The QoS in DD-WRT really doesn't work properly. So I installed Tomato 1.17.
    And QoS works fine there. You can set up anything you want there (IP, ports, MAC) and it works!!! :)
    Also, the basic settings are set up well. :)

  9. minlab

    Thanks for your input, that is AWESOME!

    Can I install 1.17 on my Linksys WRT150N router? It looks like DD-WRT doesn't support QoS properly.
  10. Toxic

    If you care to look at Polarcloud's website you will see it does not support the WRT150N.

  11. minlab

  12. minlab

    I am curious... any success stories using the iptables command on DD-WRT?

    Have a nice weekend.

