With iptables you can limit the number of connections made from a single IP address. This requires the iptables connlimit module. Choose the limit with care, because many users may share one address, for example in an Internet cafe. The module is not installed by default, so it has to be installed first. The complete installation steps follow.

Download the installation packages and extract them
<pre lang="bash"># wget ftp://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20080214.tar.bz2
# wget ftp://ftp.netfilter.org/pub/iptables/iptables-1.4.0.tar.bz2
# tar xjf iptables-1.4.0.tar.bz2
# tar xjf patch-o-matic-ng-20080214.tar.bz2
</pre>

Download the connlimit module
<pre lang="bash"># cd /…/patch-o-matic-ng-20080214
# KERNEL_DIR=/usr/src/kernels/2.6.18-128.el5-x86_64/ IPTABLES_DIR=/usr/iptablestest/iptables-1.4.0 ./runme --download
Successfully downloaded external patch geoip
Successfully downloaded external patch condition
Successfully downloaded external patch IPMARK
Successfully downloaded external patch ROUTE
Successfully downloaded external patch connlimit
Successfully downloaded external patch ipp2p
Successfully downloaded external patch time
./patchlets/ipv4options exists and is not external
./patchlets/TARPIT exists and is not external
Successfully downloaded external patch ACCOUNT
Successfully downloaded external patch pknock
Hey! KERNEL_DIR is not set.
Where is your kernel source directory? [/usr/src/linux] /usr/src/kernels/2.6.18-128.el5-x86_64
Hey! IPTABLES_DIR is not set.
Where is your iptables source code directory? [/usr/src/iptables] /usr/iptablestest/iptables-1.4.0
Loading patchlet definitions........................ done
Excellent! Source trees are ready for compilation.
</pre>

Apply the connlimit patch to the kernel
<pre lang="bash"># KERNEL_DIR=/usr/src/kernels/2.6.18-128.el5-x86_64 IPTABLES_DIR=/usr/iptablestest/iptables-1.4.0 ./runme connlimit
Loading patchlet definitions........................ done
……
-----------------------------------------------------------------
Do you want to apply this patch [N/y/t/f/a/r/b/w/q/?] y
Excellent! Source trees are ready for compilation.
</pre>

Answer y at the prompt to apply the patch.

Compile the kernel
<pre lang="bash"># cd /usr/src/kernels/2.6.18-128.el5-x86_64/
# make oldconfig
HOSTCC scripts/kconfig/conf.o
HOSTCC scripts/kconfig/kxgettext.o
HOSTCC scripts/kconfig/mconf.o
HOSTCC scripts/kconfig/zconf.tab.o
HOSTLD scripts/kconfig/conf
scripts/kconfig/conf -o arch/i386/Kconfig
*
* Linux Kernel Configuration
*
……
ARP payload mangling (IP_NF_ARP_MANGLE) [M/n/?] m
Connections/IP limit match support (IP_NF_MATCH_CONNLIMIT) [N/m/?] (NEW) m
……
</pre>

The prompt shows the newly added connlimit option and asks whether to compile it into the kernel; choose to compile it as a module (m). (Note: `make menuconfig` can also be used here. In the menu that appears, go to Networking -> Networking options -> Network packet filtering (replaces ipchains) -> IP: Netfilter Configuration -> Connections/IP limit match support and select it as a module or compile it into the kernel. If you cannot find this item, the patch was not applied successfully.)
<pre lang="bash"># make modules_prepare
scripts/kconfig/conf -s arch/i386/Kconfig
CHK include/linux/version.h
CHK include/linux/utsrelease.h
HOSTCC scripts/genksyms/genksyms.o
HOSTCC scripts/genksyms/lex.o
HOSTCC scripts/genksyms/parse.o
HOSTLD scripts/genksyms/genksyms
CC scripts/mod/empty.o
MKELF scripts/mod/elfconfig.h
HOSTCC scripts/mod/file2alias.o
HOSTCC scripts/mod/modpost.o
HOSTCC scripts/mod/sumversion.o
HOSTLD scripts/mod/modpost
</pre>

Back up the original Makefile, which contains the original build information. Compiling directly with it will fail.
<pre lang="bash"># mv net/ipv4/netfilter/Makefile net/ipv4/netfilter/Makefile.bak
</pre>

Create a new Makefile

<pre lang="bash"># vi net/ipv4/netfilter/Makefile
obj-m := ipt_connlimit.o
KDIR := /lib/modules/$(shell uname -r)/build
PWD := $(shell pwd)
default:
	$(MAKE) -C $(KDIR) M=$(PWD) modules
</pre>

Compile the module
<pre lang="bash"># make M=net/ipv4/netfilter/
LD net/ipv4/netfilter/built-in.o
CC [M] net/ipv4/netfilter/ipt_connlimit.o
Building modules, stage 2.
MODPOST
CC net/ipv4/netfilter/ipt_connlimit.mod.o
LD [M] net/ipv4/netfilter/ipt_connlimit.ko
</pre>

Copy the generated .ko module to the target directory and set the appropriate permissions
<pre lang="bash"># cp net/ipv4/netfilter/ipt_connlimit.ko /lib/modules/2.6.18-128.el5/kernel/net/ipv4/netfilter/
# chmod 744 /lib/modules/2.6.18-128.el5/kernel/net/ipv4/netfilter/ipt_connlimit.ko
</pre>

Module compilation is complete.
Testing and applying modules
<pre lang="bash"># depmod -a
</pre>

Load the connlimit module
<pre lang="bash"># modprobe ipt_connlimit
</pre>

Check whether it loaded successfully
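The caution above about shared addresses can be checked before a limit is enforced. The following is an added example, not part of the original article: it looks for the module in a `/proc/modules`-style listing, counts established connections per client from `netstat -tn` output, and prints the connlimit rule without applying it. The function names, port 80, the limit of 2 and the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: dry-run a connlimit threshold before enforcing it.

# Succeeds if a connlimit match module is listed in a /proc/modules-style file.
# ipt_connlimit is the module built on this page; xt_connlimit is its name in later kernels.
connlimit_loaded() {
    awk '$1 == "ipt_connlimit" || $1 == "xt_connlimit" { found = 1 }
         END { exit !found }' "${1:-/proc/modules}"
}

# Reads `netstat -tn` lines on stdin; prints "count ip" for each remote IPv4
# address with more than $2 ESTABLISHED connections to local port $1.
over_limit() {
    awk -v port="$1" -v limit="$2" '
        $1 == "tcp" && $6 == "ESTABLISHED" {
            n = split($4, l, ":")
            if (l[n] != port) next
            split($5, r, ":")
            count[r[1]]++
        }
        END { for (ip in count) if (count[ip] > limit) print count[ip], ip }
    ' | sort -rn
}

# Prints (does not apply) the rule that enforces the limit on new connections.
connlimit_rule() {
    for v in "$1" "$2"; do
        case "$v" in ''|*[!0-9]*) echo "port and limit must be numeric" >&2; return 1 ;; esac
    done
    echo "iptables -A INPUT -p tcp --syn --dport $1 -m connlimit --connlimit-above $2 -j REJECT"
}

# Constructed sample input (documentation address ranges), not real traffic.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           203.0.113.7:51000       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51001       ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.7:51002       ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.4:40100      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.4:40101      TIME_WAIT
tcp        0      0 192.0.2.10:22           198.51.100.9:40200      ESTABLISHED
EOF
}

sample_netstat | over_limit 80 2   # clients currently above a limit of 2
connlimit_rule 80 2
```

On a live host, pipe real `netstat -tn` output into `over_limit` in place of the sample; an address that appears in the result at the chosen limit may be a shared gateway rather than a single abusive client.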