Looking for a way to limit the connections per device...

Discussion in 'Tomato Firmware' started by akujind, Jun 5, 2007.

  akujind

    I've looked around the QoS settings, and I don't see anything that would let me limit the number of connections for a specific MAC address. Anyone know if there's any way to do that?

    iptables -I FORWARD -p tcp --syn -m iprange --src-range -m connlimit --connlimit-above 125 -j DROP

    Is that the script I need? I found it in the Tomato wiki. I just need to specify the number of connections and the IP address of the device, right?
  GeeTek

    That script is for control by IP, not MAC. Also, the command used is for a range of addresses. Don't know if it will work properly with 1 address.
  affer

    Something along the lines of -
    iptables -I FORWARD -m mac --mac-source 00:00:00:00:00:00 -p tcp -m connlimit --connlimit-above 125 -j DROP

    Unless you are going to study & understand the syntax, you'd be better served availing yourself of a script generator such as Robson's (see Tomato FAQ for a link).
  der_Kief

  akujind

    I am okay with limiting by IP since I have static DHCP on the router. Would the script I posted work?
  affer

    Then your request is a moving target. Do you want to filter via MAC, as originally stated or by IP now?

    No. It should fail, as you specify an IP range which is then delineated illegally. Do yourself a favour & look at Robsonn's script generator.
  GeeTek

    The static DHCP he uses will maintain the same IP per machine.

    Akujind, are you running low on IP addresses? If not, just allocate a 5 block IP range to be limited with that script. For example, -, and put the PC you desire to control within that range.
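
For the per-IP approach discussed in this thread (static DHCP, limiting one address or a small block), the following is an added example and not part of the original posts or the Tomato wiki. It validates the address and limit before printing a connlimit rule; the function names and the sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: prints iptables rules for review; it does not apply them.
# Function names and sample addresses are constructed for illustration.

# Succeeds only for a dotted-quad IPv4 address, octets 0-255, no leading zeros.
valid_ip() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*|'') return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Converts a validated address to an integer so two addresses can be ordered.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Prints a rule that drops new TCP connections (SYN) from one source address
# once that address holds more than $2 tracked connections.
limit_ip() {
    valid_ip "$1" || { echo "bad address: $1" >&2; return 1; }
    case "$2" in ''|*[!0-9]*) echo "bad limit: $2" >&2; return 1 ;; esac
    echo "iptables -I FORWARD -s $1 -p tcp --syn -m connlimit --connlimit-above $2 -j DROP"
}

# Same for a block of addresses; --src-range takes "first-last".
# connlimit counts per source address (default mask 32), so each host in the
# block gets its own limit rather than sharing one.
limit_range() {
    valid_ip "$1" && valid_ip "$2" || { echo "bad range: $1-$2" >&2; return 1; }
    [ "$(ip_to_int "$1")" -le "$(ip_to_int "$2")" ] || { echo "range reversed" >&2; return 1; }
    case "$3" in ''|*[!0-9]*) echo "bad limit: $3" >&2; return 1 ;; esac
    echo "iptables -I FORWARD -p tcp --syn -m iprange --src-range $1-$2 -m connlimit --connlimit-above $3 -j DROP"
}

# Constructed sample values: one static-DHCP host, then a five-address block.
limit_ip 192.168.1.50 125
limit_range 192.168.1.100 192.168.1.104 125
```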
