1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Looking for a way to limit the connections per device...

Discussion in 'Tomato Firmware' started by akujind, Jun 5, 2007.

  1. akujind

    akujind Network Guru Member

    I've looked around the QoS settings, and I don't see anything that would let me limit the number of connections for a specific MAC address. Anyone know if there's any way to do that?

    iptables -I FORWARD -p tcp --syn -m iprange --src-range 192.168.22.10 -m connlimit --connlimit-above 125 -j DROP

    Is that the script I need? I found it in the Tomato wiki. I just need to specify the number of connections and the IP address of the device, right?
     
  2. GeeTek

    GeeTek Guest

    That script is for control by IP, not MAC. Also, the command used is for a range of addresses. Don't know if it will work properly with 1 address.
     
  3. affer

    affer LI Guru Member

    Something along the lines of -
    iptables -I FORWARD -m mac --mac-source 00:00:00:00:00:00 -p tcp -m connlimit --connlimit-above 125 -j DROP

    Unless you are going to study & understand the syntax, you'd be better served availing yourself to a script generator such as Robson's (see Tomato FAQ for a link).
     
  4. der_Kief

    der_Kief Super Moderator Staff Member Member

  5. akujind

    akujind Network Guru Member

    I am okay with limiting by IP since I have static DHCP on the router. Would the script I posted work?
     
  6. affer

    affer LI Guru Member

    Then your request is a moving target. Do you want to filter via MAC, as originally stated or by IP now?

    No. It should fail, as you specify an IP range which is then delineated illegally. Do yourself a favour & look at Robsonn's script generator.
     
  7. GeeTek

    GeeTek Guest

    The static DHCP he uses will maintain the same IP per machine.

    Akujind, are you running low on IP addresses ? If not, just allocate a 5 block IP range to be limited with that script. For example, 192.168.1.225 - 192.168.1.230, and put the PC you desire to control within that range.
     

Share This Page