iptables

(tested with iptables v1.4.21)

Examples


Flush the rules and allow only IP 1.2.3.4 to access TCP port 10000
# Set the INPUT policy to ACCEPT before flushing so the flush itself cannot
# lock out the current session (a DROP policy with no rules drops everything).
iptables --policy INPUT ACCEPT
# --flush empties every chain of the filter table but keeps user-defined
# chains; those need --delete-chain (-X) as well.
iptables --flush
# First match wins: accept 1.2.3.4 on tcp/10000, then drop everyone else on
# that port. All other ports stay reachable because the INPUT policy is ACCEPT.
iptables --append INPUT --source 1.2.3.4 --protocol tcp --destination-port 10000 --jump ACCEPT
iptables --append INPUT --protocol tcp --destination-port 10000 --jump DROP
List the rules
# --numeric (-n) prints addresses and ports as numbers instead of doing
# DNS/service lookups; --line-numbers shows the index used by -D/-I/-R;
# --verbose (-v) adds packet/byte counters and interfaces.
iptables --list --numeric --line-numbers --verbose

Connection count limit


Allow at most 2 connections per IP
# connlimit counts the existing connections from a source address (per host,
# since the default --connlimit-mask is 32) and drops packets once the count
# exceeds 2. Unlike the "limit" match this is a concurrency cap, not a rate.
iptables --append INPUT --protocol tcp --destination-port 10000 --match connlimit --connlimit-above 2 --jump DROP
No limit for IP 1.2.3.4; at most 2 connections for every other IP
# Order matters: the unconditional ACCEPT for 1.2.3.4 must be appended before
# the connlimit DROP, otherwise 1.2.3.4 would be capped like everyone else.
iptables --append INPUT --protocol tcp --source 1.2.3.4 --destination-port 10000 --jump ACCEPT
iptables --append INPUT --protocol tcp --destination-port 10000 --match connlimit --connlimit-above 2 --jump DROP
No limit for IP 1.2.3.4, at most 3 connections for IP 1.1.1.1, and at most 2 connections for every other IP
# Per-host limits via a dedicated chain. MY_CHAIN holds the 1.1.1.1 policy
# (drop above 3 connections, accept otherwise). INPUT dispatches 1.1.1.1 to
# that chain, exempts 1.2.3.4 entirely, and caps everyone else at 2.
# Append order is evaluation order, so the specific rules must precede the
# generic connlimit DROP.
iptables --new-chain MY_CHAIN
iptables --append MY_CHAIN --protocol tcp --source 1.1.1.1 --destination-port 10000 --match connlimit --connlimit-above 3 --jump DROP
iptables --append MY_CHAIN --protocol tcp --source 1.1.1.1 --destination-port 10000 --jump ACCEPT
iptables --append INPUT --protocol tcp --source 1.1.1.1 --destination-port 10000 --jump MY_CHAIN
iptables --append INPUT --protocol tcp --source 1.2.3.4 --destination-port 10000 --jump ACCEPT
iptables --append INPUT --protocol tcp --destination-port 10000 --match connlimit --connlimit-above 2 --jump DROP

Rate limit


ICMP packet rate limit
# The limit match is a token bucket: --limit is the sustained average
# (suffix /second, /minute, /hour or /day) and --limit-burst the initial
# credit. ICMP over budget does not match ACCEPT and falls through to DROP.
# This bucket is shared by all senders, not kept per source address; a
# per-source rate would need the hashlimit match instead. Dropping all
# excess ICMP also drops types like fragmentation-needed, so path MTU
# discovery can suffer under load.
iptables --append INPUT --protocol icmp --match limit --limit 6/m --limit-burst 5 --jump ACCEPT
iptables --append INPUT --protocol icmp --jump DROP

save iptables config


Save the config
# Writes the live ruleset to the persistent rules file through the iptables
# init script; on RHEL/CentOS 7 that script comes with iptables-services (see
# below). Rules that are not saved are lost on the next reboot.
service iptables save
On CentOS 7 only:
# disable firewalld
# firewalld and the iptables service both manage the same kernel ruleset and
# must not run side by side: stop it now and keep it from starting at boot.
# Consider "systemctl mask firewalld" as well so no other unit can pull it in.
systemctl stop firewalld
systemctl disable firewalld

# install iptables-services
# Provides the iptables unit and the init script behind "service iptables save".
yum install iptables-services
systemctl enable iptables
systemctl start iptables

# save config
# Persist the current ruleset so the iptables unit restores it at boot.
service iptables save

# after the OS has restarted, run:
# (iptables is enabled above, so the saved rules should already be loaded at
# boot; this restart re-reads the saved file, e.g. after editing it by hand.)
systemctl restart iptables