SOLVED IPTables connlimit not working?

Discussion in 'Security' started by Scott Galambos, Jun 11, 2019.

  1. Scott Galambos

    I'm trying to rate throttle a subnet. I do this:
    iptables -A INPUT -p tcp --syn --dport 80 -s 161.129.70.0/24 -m connlimit --connlimit-above 1 --connlimit-mask 24 -j REJECT --reject-with tcp-reset

    Listing the chain input shows it's in there:
    Chain INPUT (policy DROP)
    target prot opt source destination
    ...
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 ctstate NEW udp dpt:53
    LOGDROPIN all -- 0.0.0.0/0 0.0.0.0/0
    REJECT tcp -- 161.129.70.0/24 0.0.0.0/0 tcp dpt:80 flags:0x17/0x02 #conn src/24 > 1 reject-with tcp-reset


    But when more than 1 connection from that subnet hits port 80 it's still allowed in. I can connect like 3 times. Why? I'm manually doing this iptables command from the command line after csf has run and all the iptables rules are already set up and running. Does that matter?

    I know there is a CONNLIMIT option in csf.conf, but that applies to everything, I only want to limit one or two subnets.
     
    #1 Scott Galambos, Jun 11, 2019
    Last edited: Jun 11, 2019
  2. Scott Galambos

    I see, I have to -I not -A it.
     
  3. cPanelMichael

    Hi Scott,

    Thanks for sharing the outcome! I've marked this thread as solved.
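
Why `-I` worked where `-A` did not, as an added example that is not part of the original thread: `-A` appends to the end of INPUT, which the listing shows is after the unconditional `LOGDROPIN` jump, while `-I` inserts at position 1. The script flags rules shadowed this way in `iptables -S` output; the function names and both listings are constructed, and it assumes the catch-all chain ends every packet it receives.

```shell
#!/bin/sh
# Added example: flag rules that sit after an unconditional jump in the same chain.
# Reads `iptables -S` output on stdin; on a live host: iptables -S INPUT | shadowed_rules
# Assumption: the chain jumped to (here LOGDROPIN) never returns a packet.

shadowed_rules() {
    awk '
        $1 != "-A" { next }            # skip -P and -N lines
        {
            chain = $2
            pos[chain]++
            if (chain in blocker) {
                printf "%s rule %d is unreachable (rule %d jumps everything to %s)\n", chain, pos[chain], blockpos[chain], blocker[chain]
                next
            }
            # "-A CHAIN -j TARGET" with no match options matches every packet.
            # LOG-style targets do not terminate, so they shadow nothing.
            if (NF == 4 && $3 == "-j" && $4 !~ /^(LOG|NFLOG|ULOG)$/) {
                blocker[chain] = $4
                blockpos[chain] = pos[chain]
            }
        }'
}

# Constructed listing: the connlimit rule added with -A lands last.
appended_listing() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -p udp -m conntrack --ctstate NEW -m udp --dport 53 -j ACCEPT
-A INPUT -j LOGDROPIN
-A INPUT -s 161.129.70.0/24 -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 1 --connlimit-mask 24 -j REJECT --reject-with tcp-reset
EOF
}

# Constructed listing: the same rule added with -I lands at position 1.
inserted_listing() {
    cat <<'EOF'
-P INPUT DROP
-A INPUT -s 161.129.70.0/24 -p tcp -m tcp --dport 80 --tcp-flags FIN,SYN,RST,ACK SYN -m connlimit --connlimit-above 1 --connlimit-mask 24 -j REJECT --reject-with tcp-reset
-A INPUT -p udp -m conntrack --ctstate NEW -m udp --dport 53 -j ACCEPT
-A INPUT -j LOGDROPIN
EOF
}

appended_listing | shadowed_rules    # reports the connlimit rule as unreachable
inserted_listing | shadowed_rules    # reports nothing
```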
     