Limit maximum connections from an IP to a TCP port with IPFILTER

Hi,

If you ever need to do this, here are the rules you can add to ipf.conf that do the magic:

pass in quick proto tcp from 192.168.0.0/24 to any port = 80
pass return-rst in log limit quick proto tcp from 10.0.0.0/8 to any port = 80 keep limit 1

The first rule:
pass in quick proto tcp from 192.168.0.0/24 to any port = 80

Lets any host connecting from the subnet 192.168.0.0/24 open as many connections to port 80 as it wants; no limit is applied to that subnet.

The second rule:
pass return-rst in log limit quick proto tcp from 10.0.0.0/8 to any port = 80 keep limit 1

Allows each host in the 10.0.0.0/8 subnet at most 1 established TCP connection to port 80 (keep limit 1). Once a host has reached that limit, further connection attempts from the same host are answered with a TCP reset (return-rst) and logged (log limit). Both rules are quick, so the unlimited rule must be listed before any limited rule whose address range overlaps it; otherwise the limited rule would match first.

To make DCA (Dynamic Connection Allocation) work you first need IPFilter itself up and running; follow the instructions on how to get ipf working that I posted earlier:

http://www.hpuxtips.es/?q=node/218

DCA mode is disabled by default. To enable DCA, use the following command:

ipf -m e

To disable DCA, use the following command:

ipf -m d

To query the current DCA setting, use the following command:

ipf -m q

You can toggle between enabled and disabled by using the following command:

ipf -m t
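Putting the whole procedure together, here is an added example (my own script, not part of the original post or of HP's documentation) that generates the two kinds of rules for any list of subnets, writes the exemptions first so the quick ordering is right even when an exempt subnet sits inside a limited one, syntax-checks the file, enables DCA and loads the rules. The subnets, port, limit and the ipf.conf path are assumptions chosen for illustration; adjust them to your host.

```shell
#!/bin/sh
# Added example, not from the original post. Builds an ipf.conf fragment with
# per-source connection limits (HP-UX IPFilter DCA) and applies it.
# Values below are assumptions for illustration; change them for your host.

PORT=80
LIMIT=1
EXEMPT_NETS="192.168.0.0/24"   # unlimited connections to $PORT
LIMITED_NETS="10.0.0.0/8"      # at most $LIMIT established connection per source host
CONF=/etc/opt/ipf/ipf.conf     # assumed location of ipf.conf on this host

# Print one unlimited (exempt) rule. "quick" makes it final for matching
# packets, so exempt rules must precede any limited rule that overlaps them.
exempt_rule() {
    printf 'pass in quick proto tcp from %s to any port = %s\n' "$1" "$2"
}

# Print one DCA-limited rule: attempts beyond the limit are reset and logged.
limit_rule() {
    printf 'pass return-rst in log limit quick proto tcp from %s to any port = %s keep limit %s\n' "$1" "$2" "$3"
}

# Emit the complete fragment: exemptions first, limited subnets after.
build_rules() {
    for net in $EXEMPT_NETS; do exempt_rule "$net" "$PORT"; done
    for net in $LIMITED_NETS; do limit_rule "$net" "$PORT" "$LIMIT"; done
}

# Apply the fragment: parse it without touching the kernel, enable DCA,
# flush the active rule set and load the new one, then confirm DCA is on.
# Does nothing on a machine without ipf (for example, when run for a dry look).
apply_rules() {
    command -v ipf >/dev/null 2>&1 || { echo "ipf not found; rules not applied" >&2; return 1; }
    build_rules > "$CONF.new"
    ipf -n -f "$CONF.new" || return 1     # -n: parse only, change nothing
    mv "$CONF.new" "$CONF"
    ipf -m e                              # enable DCA (disabled by default)
    ipf -Fa -f "$CONF"                    # flush all rules, load the new set
    ipf -m q                              # query: DCA should now report enabled
    ipfstat -io                           # show the loaded in/out rules
}

# Usage: ./dca_limits.sh          -> print the generated rules only
#        ./dca_limits.sh apply    -> generate and load them (as root)
if [ "${1:-}" = apply ]; then
    apply_rules
else
    build_rules
fi
```

Run it once without arguments and read the output before using `apply`; the syntax check with `ipf -n` catches a malformed rule before the running rule set is flushed.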

More info on ipf:

http://docs.hp.com/en/B9901-90042/ch05s04.html