Limit Number of connections to Server : Prevent DDOS Attacks

Quick Tutorial on How to Prevent the DDOS Attacks by using a simple linux utility/Command IPTABLES . In this example we will be Limiting the number of SSH Connections to our SSH host. This can also be said to be a Firewall using IPTables .

Load Module : xt_connlimit
modprobe xt_connlimit

Check if the module was loaded or not :
lsmod | grep connlimit
Incase you are configuring a Firewall/Webserver and want this module to load at the Startup :
Add #modprobe xt_connlimit in the file /etc/init.d/rc.d/ri.local

Command to set the Max number to connections to 20 :
iptables -I INPUT -p tcp –syn –dport 22 -m connlimit –connlimit-above 20 -j REJECT
-I  : Insert a rule in the Chain
-p : The Protocol
–syn : This means the rule is only applicable to the packets that are initiating the connection. The rule will not apply to any Data packet that is involved in data transfer .
–dport : 22 for ssh , 80 or 8080 for HTTP or as you require
To View IPTABLES : iptables -L -n | less
To Save IPTABLES :service iptables save


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s