
Some help with iptables?

Discussion in 'Tomato Firmware' started by Meffy, Dec 17, 2008.

  1. Meffy

    Meffy LI Guru Member

    iptables -I FORWARD -s -p tcp -m connlimit --connlimit-above 30 -j DROP
    iptables -I FORWARD -s -p udp -m limit --limit 1/sec -j DROP

    I'm seeing over 100 TCP connections in QoS though. Anyone got any suggestions? Secondly, any script I can use to limit UDP connections?
  2. Toastman

    Toastman Super Moderator Staff Member Member

    Hi Meffy

    Probably your script is working but the connections you see in conntrack/qos are waiting to be expired. You could try to expire them faster by changing the settings in conntrack - search this site for info on doing this.

    Firewall scripts:

    #Limit UDP connections per user
    iptables -I FORWARD -m iprange --src-range -p ! tcp -m connlimit --connlimit-above 50 -j DROP

    #Limit TCP connections per user
    iptables -I FORWARD -p tcp --syn -m iprange --src-range -m connlimit --connlimit-above 200 -j DROP
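
To check the explanation in the reply above on the router itself, this added example (not part of either post) tallies conntrack entries per source address by protocol and TCP state, so established flows can be told apart from entries that are only waiting to expire. It assumes the `/proc/net/ip_conntrack` line format of older Linux kernels; the function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-source conntrack tally, split by protocol and TCP state.
# Assumption: input lines follow the /proc/net/ip_conntrack format.

conntrack_summary() {
    # Reads conntrack lines on stdin; prints "source proto state count", sorted.
    awk '
    {
        proto = $1
        # TCP lines carry a state name in field 4; other protocols do not.
        state = (proto == "tcp") ? $4 : "-"
        src = ""
        # The first src= field is the original (LAN-side) direction.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/) { src = substr($i, 5); break }
        }
        if (src != "") count[src " " proto " " state]++
    }
    END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

established_for() {
    # Prints the number of ESTABLISHED TCP entries for the source IP in $1.
    conntrack_summary | awk -v ip="$1" \
        '$1 == ip && $2 == "tcp" && $3 == "ESTABLISHED" { n = $4 } END { print n + 0 }'
}

# Constructed sample entries (documentation address ranges, not real traffic).
sample_conntrack() {
    cat <<'EOF'
tcp      6 431990 ESTABLISHED src=192.168.1.100 dst=203.0.113.5 sport=40001 dport=80 src=203.0.113.5 dst=198.51.100.2 sport=80 dport=40001 [ASSURED] use=1
tcp      6 97 TIME_WAIT src=192.168.1.100 dst=203.0.113.5 sport=40002 dport=80 src=203.0.113.5 dst=198.51.100.2 sport=80 dport=40002 [ASSURED] use=1
tcp      6 101 TIME_WAIT src=192.168.1.100 dst=203.0.113.9 sport=40003 dport=443 src=203.0.113.9 dst=198.51.100.2 sport=443 dport=40003 [ASSURED] use=1
udp      17 25 src=192.168.1.100 dst=203.0.113.53 sport=5353 dport=53 [UNREPLIED] src=203.0.113.53 dst=198.51.100.2 sport=53 dport=5353 use=1
tcp      6 431500 ESTABLISHED src=192.168.1.101 dst=203.0.113.5 sport=50001 dport=80 src=203.0.113.5 dst=198.51.100.2 sport=80 dport=50001 [ASSURED] use=1
EOF
}

# On the router: conntrack_summary < /proc/net/ip_conntrack
sample_conntrack | conntrack_summary
```

In the sample, 192.168.1.100 holds four conntrack entries but only one established TCP flow, which is the kind of gap between a connection list and a connection limit that the reply describes.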
