Some help with iptables?

Discussion in 'Tomato Firmware' started by Meffy, Dec 17, 2008.

  1. Meffy

    Meffy LI Guru Member

    iptables -I FORWARD -s -p tcp -m connlimit --connlimit-above 30 -j DROP
    iptables -I FORWARD -s -p udp -m limit --limit 1/sec -j DROP

    I'm seeing over 100 TCP connections in QoS though. Anyone got any suggestions? Secondly, any script I can use to limit UDP connections?
  2. Toastman

    Toastman Super Moderator Staff Member Member

    Hi Meffy

    Probably your script is working but the connections you see in conntrack/qos are waiting to be expired. You could try to expire them faster by changing the settings in conntrack - search this site for info on doing this.

    Firewall scripts:

    #Limit UDP connections per user
    iptables -I FORWARD -m iprange --src-range -p ! tcp -m connlimit --connlimit-above 50 -j DROP

    #Limit TCP connections per user
    iptables -I FORWARD -p tcp --syn -m iprange --src-range -m connlimit --connlimit-above 200 -j DROP
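
The point above, that entries still waiting to expire inflate the connection count shown in conntrack/QoS, can be checked by summarising the conntrack table per LAN host. This is an added example, not part of the original posts: it assumes the table is readable at /proc/net/ip_conntrack in the older kernel layout, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the layout of /proc/net/ip_conntrack
# (addresses are private/documentation ranges, not from the thread).
sample_conntrack() {
cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=50001 dport=80 src=203.0.113.5 dst=198.51.100.2 sport=80 dport=50001 [ASSURED] use=1
tcp      6 87 TIME_WAIT src=192.168.1.10 dst=203.0.113.5 sport=50002 dport=80 src=203.0.113.5 dst=198.51.100.2 sport=80 dport=50002 [ASSURED] use=1
tcp      6 9 CLOSE src=192.168.1.10 dst=203.0.113.6 sport=50003 dport=443 src=203.0.113.6 dst=198.51.100.2 sport=443 dport=50003 [ASSURED] use=1
udp      17 25 src=192.168.1.10 dst=203.0.113.53 sport=40000 dport=53 [UNREPLIED] src=203.0.113.53 dst=198.51.100.2 sport=53 dport=40000 use=1
tcp      6 431000 ESTABLISHED src=192.168.1.20 dst=203.0.113.7 sport=50100 dport=22 src=203.0.113.7 dst=198.51.100.2 sport=22 dport=50100 [ASSURED] use=1
udp      17 170 src=192.168.1.20 dst=203.0.113.53 sport=40001 dport=53 src=203.0.113.53 dst=198.51.100.2 sport=53 dport=40001 [ASSURED] use=1
EOF
}

# Read conntrack lines on stdin and print one line per source host:
#   ip  tcp_established  tcp_other  udp
# tcp_other covers every non-ESTABLISHED TCP state (TIME_WAIT, CLOSE, ...),
# i.e. entries that are still tracked but are not live connections.
conntrack_summary() {
    awk '
    {
        src = ""
        # The first src= field is the original (LAN-side) direction.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^src=/) { src = substr($i, 5); break }
        if (src == "") next
        seen[src] = 1
        if ($1 == "tcp") {
            # Field 4 holds the TCP state in this layout.
            if ($4 == "ESTABLISHED") est[src]++; else oth[src]++
        } else if ($1 == "udp") {
            udp[src]++
        }
    }
    END {
        for (s in seen)
            printf "%s %d %d %d\n", s, est[s], oth[s], udp[s]
    }' | sort
}
```

On the router this would be run as `conntrack_summary < /proc/net/ip_conntrack`; a host whose tcp_other column is much larger than tcp_established is mostly holding entries that have not yet timed out.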
