Using the iptables connlimit module to limit concurrent connections per source (a defence against DDoS connection floods)

  
lsmod | grep connlimit
Check whether the connlimit module is loaded. The module is named xt_connlimit (ipt_connlimit is only an alias), so grep for "connlimit" rather than "ipt". lsmod lists loaded modules only; iptables loads the module on first use, so no output here does not mean it is missing. modinfo, below, shows whether it is installed for the running kernel.

  
[root@localhost ~]# modinfo xt_connlimit
  # View the xt_connlimit module
  filename:    /lib/modules/2.6.32-358.el6.x86_64/kernel/net/netfilter/xt_connlimit.ko
  alias:       ip6t_connlimit
  alias:       ipt_connlimit
  license:     GPL
  description: Xtables: Number of connections matching
  author:      Jan Engelhardt
  srcversion:  FD50EBD41C0216E02E65B1E
  depends:     nf_conntrack
  vermagic:    2.6.32-358.el6.x86_64 SMP mod_unload modversions



Limit one client to 10 concurrent connections on port 80

  iptables -A INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j REJECT

  connlimit counts the connections conntrack currently holds for the source address (the default --connlimit-mask is 32, i.e. one counter per host) and matches once that count is above the limit. Note that without --syn the rule also matches packets of connections that are already established, so a client over the limit has its existing connections disrupted as well; add --syn to reject only new connection attempts. Because -A appends to the end of INPUT, an earlier rule that already ACCEPTs port 80 traffic means this rule is never reached; use -I to place it first. REJECT answers TCP with an ICMP port-unreachable by default; --reject-with tcp-reset gives HTTP clients a cleaner failure.

Limit every source IP other than XXX.XXX.XXX.XXX to 50 connections in the FORWARD chain

  iptables -I FORWARD -p tcp ! -s XXX.XXX.XXX.XXX -m connlimit --connlimit-above 50 -j REJECT

  The negation goes before the option (! -s); the older -s !XXX.XXX.XXX.XXX form is deprecated and rejected by current iptables releases.

Limit each /24 source network to 16 new connections on port 80

  iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT

  --connlimit-mask 24 groups sources by their /24 network, so all hosts in that network share one budget of 16 connections. This catches floods spread across neighbouring addresses, but it also means a large office NAT or many legitimate clients behind the same /24 compete for the same limit, so choose the mask and the limit together.
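Putting the three rules above into practice, the following script is an added example and not code from the original post. It generates the connlimit rules into a dedicated chain so the complete, ordered set can be reviewed before it is applied: a RETURN for a trusted address replaces per-rule "! -s" negation, every limit matches --syn so only new connections are rejected, and the jump is inserted at position 1 of INPUT so an existing blanket ACCEPT cannot shadow it. The chain name CONNLIMIT, the ports, the limits and the trusted address 192.0.2.10 are illustrative assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: generate a reviewable connlimit
# rule set in a dedicated chain instead of typing rules into INPUT one by one.
# The chain name CONNLIMIT, the ports, limits and the trusted address passed in
# are illustrative assumptions. Print the rules first; apply them as root.

# connlimit_rule PORT LIMIT [MASK]
# One rule that rejects a NEW connection (--syn) to PORT once the source,
# grouped by MASK bits (default 32, i.e. per host), already holds more than
# LIMIT connections. tcp-reset gives clients a clean failure instead of the
# default ICMP port-unreachable.
connlimit_rule() {
    port=$1; limit=$2; mask=${3:-32}
    printf 'iptables -A CONNLIMIT -p tcp --syn --dport %s -m connlimit --connlimit-above %s --connlimit-mask %s -j REJECT --reject-with tcp-reset\n' \
        "$port" "$limit" "$mask"
}

# whitelist_rule ADDR
# Trusted sources leave the chain before any limit is evaluated; this replaces
# a "! -s ADDR" negation repeated on every limit rule.
whitelist_rule() {
    printf 'iptables -A CONNLIMIT -s %s -j RETURN\n' "$1"
}

# connlimit_ruleset TRUSTED_ADDR
# Complete ordered set. Order matters twice: the RETURN must come before the
# limits, and the jump is inserted at position 1 of INPUT so that an existing
# blanket ACCEPT further down cannot shadow it. The -D before -I keeps the
# script idempotent when it is run again.
connlimit_ruleset() {
    echo 'iptables -N CONNLIMIT 2>/dev/null || iptables -F CONNLIMIT'
    whitelist_rule "$1"
    connlimit_rule 80 10          # per host: 10 concurrent connections to port 80
    connlimit_rule 80 16 24       # per /24: 16 concurrent connections to port 80
    echo 'iptables -D INPUT -p tcp --syn -j CONNLIMIT 2>/dev/null'
    echo 'iptables -I INPUT 1 -p tcp --syn -j CONNLIMIT'
}

# connlimit_available
# Succeeds when xt_connlimit is installed for the running kernel (modinfo reads
# the module tree, so this works even before the module has been loaded).
connlimit_available() {
    modinfo xt_connlimit >/dev/null 2>&1
}

# Usage (review first, then apply as root):
#   connlimit_ruleset 192.0.2.10
#   connlimit_available && connlimit_ruleset 192.0.2.10 | sudo sh
```

The per-host and per-/24 rules coexist in one chain: a single client is cut off at 10 connections, and a burst spread across a /24 is cut off at 16 for the whole network, whichever trips first.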
