I'm trying to write a simple script to limit the number of connections per user. I've followed the tutorial within Tomato's QoS System as well as several examples I've seen in other posts, but I don't believe it is working as I expect. I still see users with many more connections than the limit of 50 I'm trying to impose. Any help would be greatly appreciated. Below is what I'm trying: iptables -I FORWARD -p tcp --syn -m iprange --src-range 192.168.1.64-192.168.1.249 -m connlimit --connlimit-above 50 -j DROP iptables -I FORWARD -p ! tcp -m iprange --src-range 192.168.1.64-192.168.1.249 -m connlimit --connlimit-above 50 -j DROP I've also tried using the PREROUTING command as opposed to the FORWARD command, but again don't believe it had any affect on the number of concurrent connections by a single source IP address.