On 01/11/2016 at 21:06, Jean-Marc Lasgouttes wrote:
I had some suggestions from Máté: limit the number of connections from the same IP. IPTables can do this: http://unix.stackexchange.com/questions/139285/limit-max-connections-per-ip-address-and-new-connections-per-second-with-iptable Máté suggested a limit of 2 connections per IP. I have no idea how to do this properly, though.
I have here a /etc/init.d/firewall file that I had set up from a template found somewhere, which begins with:

#!/bin/sh
### BEGIN INIT INFO
# Provides:          custom firewall
# Required-Start:    $remote_fs $syslog $network
# Required-Stop:     $remote_fs $syslog $network
# Default-Start:     2 3 4 5
# Default-Stop:      0 1 6
# Short-Description: firewall initscript
# Description:       Custom Firewall
### END INIT INFO

and then describes the iptables rules. I guess I would add the suggested rules after the HTTP rules:

# HTTP
iptables -t filter -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 80 -j ACCEPT

# HTTPS
iptables -t filter -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 443 -j ACCEPT
iptables -t filter -A INPUT -p tcp --dport 8443 -j ACCEPT

The rules are parsed from top to bottom in this firewall, apparently.

-- 
Jean-Pierre
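As an added illustration (not Jean-Pierre's script nor anything from the thread), here is what the per-IP cap from Máté's suggestion could look like for the HTTP/HTTPS ports above, together with a check that it lands before the existing ACCEPT lines, since the chain is evaluated top to bottom. It assumes iptables with the connlimit match and plain sh; the limit of 2 and port 8443 are taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: emit a per-source-IP cap on new
# connections (limit 2, as suggested in the thread) for the HTTP/HTTPS
# ports of the /etc/init.d/firewall script, in an order that takes effect.
# Assumes iptables with the connlimit match; port 8443 is from the thread.

LIMIT=${LIMIT:-2}

# Rules capping NEW connections (--syn) per single source address
# (--connlimit-mask 32) on one TCP port: log the excess, then reject it.
connlimit_rules() {
    port=$1; limit=$2
    printf 'iptables -t filter -A INPUT -p tcp --syn --dport %s -m connlimit --connlimit-above %s --connlimit-mask 32 -j LOG --log-prefix "connlimit %s: "\n' "$port" "$limit" "$port"
    printf 'iptables -t filter -A INPUT -p tcp --syn --dport %s -m connlimit --connlimit-above %s --connlimit-mask 32 -j REJECT --reject-with tcp-reset\n' "$port" "$limit"
}

# The INPUT chain is walked top to bottom and the first matching rule wins,
# so the cap must be emitted BEFORE the unconditional ACCEPT for that port;
# appending it after the existing ACCEPT lines would leave it unreachable.
http_section() {
    for port in 80 443 8443; do
        connlimit_rules "$port" "$LIMIT"
        printf 'iptables -t filter -A INPUT -p tcp --dport %s -j ACCEPT\n' "$port"
    done
}

# Check an existing firewall script: true only if the connlimit rule for
# PORT sits on an earlier line than the plain ACCEPT for the same port.
check_order() {
    file=$1; port=$2
    cap=$(grep -n -- "--dport $port .*connlimit" "$file" | head -n 1 | cut -d: -f1)
    acc=$(grep -n -- "--dport $port -j ACCEPT" "$file" | head -n 1 | cut -d: -f1)
    [ -n "$cap" ] && [ -n "$acc" ] && [ "$cap" -lt "$acc" ]
}

# Print the rules; run as root with the argument "apply" to execute them.
case "${1:-print}" in
    apply) http_section | sh ;;
    *)     http_section ;;
esac
```

Note that a cap of 2 is very tight for HTTP: browsers open several parallel connections and clients behind one NAT share a source address, so watch the "connlimit" log lines for legitimate users being rejected before settling on the number.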