\u041e\u0442\u0441\u044e\u0434\u0430 http:\/\/guruadmin.ru\/page\/iptables-ogranichenie-kolichestva-podkljuchenij-s-ip<\/p>\n
\u0412 \u0434\u0430\u043d\u043d\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435 \u043c\u044b \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u0441 \u043e\u0434\u043d\u043e\u0433\u043e IP \u0430\u0434\u0440\u0435\u0441\u0430 \u043a \u043d\u0430\u0448\u0435\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443. \u0412 \u044d\u0442\u043e\u043c \u043d\u0430\u043c \u043f\u043e\u043c\u043e\u0436\u0435\u0442 \u043c\u043e\u0434\u0443\u043b\u044c connlimit, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u043f\u0430\u0440\u0430\u043b\u043b\u0435\u043b\u044c\u043d\u044b\u0445 TCP \u043a\u043e\u043d\u043d\u0435\u043a\u0442\u043e\u0432 \u043a \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0441 IP \u0430\u0434\u0440\u0435\u0441\u0430, \u043b\u0438\u0431\u043e \u0431\u043b\u043e\u043a\u0430 \u0430\u0434\u0440\u0435\u0441\u043e\u0432.<\/p>\n
<\/p>\n
\u0421\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0441:<\/strong><\/p>\n \u0421\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u043e\u0439 \u043f\u043e\u043c\u0430\u043d\u0434\u044b \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439:<\/p>\n \u0420\u0430\u0437\u0440\u0435\u0448\u0438\u043c \u0442\u043e\u043b\u044c\u043a\u043e 3 ssh \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f:<\/p>\n \u0420\u0430\u0437\u0440\u0435\u0448\u0438\u043c \u0442\u043e\u043b\u044c\u043a\u043e 20 http \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u0441 \u043e\u0434\u043d\u043e\u0433\u043e IP (\u043f\u0430\u0440\u0430\u043c\u0435\u0442\u0440 MaxClients \u0432 httpd.conf \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043b\u0435\u043d \u0432 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0435 60):<\/p>\n \u0412\u043d\u0438\u043c\u0430\u043d\u0438\u0435!<\/strong>\u00a0\u041e\u0431\u0440\u0430\u0442\u0438\u0442\u0435 \u0432\u043d\u0438\u043c\u0430\u043d\u0438\u0435 \u0447\u0442\u043e \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0431\u043e\u043b\u044c\u0448\u0438\u0445 \u043f\u0440\u043e\u043a\u0441\u0438-\u0441\u0435\u0440\u0432\u0435\u0440\u043e\u0432 \u0438\u043b\u0438 \u0431\u043e\u043b\u044c\u0448\u043e\u0439 \u0441\u0435\u0442\u0438 \u0437\u0430 \u043d\u0430\u0442\u043e\u043c \u043d\u0430\u043c \u043d\u0435\u043e\u0431\u0445\u043e\u0434\u0438\u043c\u043e \u0441\u0434\u0435\u043b\u0430\u0442\u044c \u0438\u0441\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f. \u041c\u044b \u043c\u043e\u0436\u0435\u043c \u0438\u0441\u043a\u043b\u044e\u0447\u0438\u0442\u044c \u0434\u0430\u043d\u043d\u044b\u0435 IP \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0441\u0430 !<\/p>\n \u0423\u0431\u0435\u0440\u0435\u043c \u0434\u043b\u044f \u043f\u0440\u043e\u043a\u0441\u0438 1.2.3.4 \u0434\u0430\u043d\u043d\u043e\u0435 \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435:<\/p>\n \u0412 \u0434\u0430\u043d\u043d\u043e\u043c \u043f\u0440\u0438\u043c\u0435\u0440\u0435 \u043c\u044b \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u043c \u043f\u0430\u0440\u0430\u043b\u043b\u0435\u043b\u044c\u043d\u044b\u0435 http \u0437\u0430\u043f\u0440\u043e\u0441\u044b \u0434\u043b\u044f \u0432\u0441\u0435\u0439 \u0441\u0435\u0442\u0438 \u043a\u043b\u0430\u0441\u0441\u0430 C (\u0441\u0435\u0442\u0435\u0432\u0430\u044f \u043c\u0430\u0441\u043a\u0430 \u0441\u043e\u0434\u0435\u0440\u0436\u0438\u0442 24 \u0431\u0438\u0442\u0430)<\/p>\n \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0439\u0442\u0435 \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0438\u0439 shell \u0441\u043a\u0440\u0438\u043f\u0442 \u0434\u043b\u044f \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f \u043a \u0432\u0435\u0431 \u0441\u0435\u0440\u0432\u0435\u0440\u0443 \u0441 \u0430\u0434\u0440\u0435\u0441\u043e\u043c 202.1.2.3:<\/p>\n \u041e\u0442\u0441\u044e\u0434\u0430 http:\/\/guruadmin.ru\/page\/iptables-ogranichenie-kolichestva-podkljuchenij-s-ip \u0412 \u0434\u0430\u043d\u043d\u043e\u0439 \u0441\u0442\u0430\u0442\u044c\u0435 \u043c\u044b \u0440\u0430\u0441\u0441\u043c\u043e\u0442\u0440\u0438\u043c \u043a\u0430\u043a \u043c\u043e\u0436\u043d\u043e \u043e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u0442\u044c \u043a\u043e\u043b\u0438\u0447\u0435\u0441\u0442\u0432\u043e \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u0441 \u043e\u0434\u043d\u043e\u0433\u043e IP \u0430\u0434\u0440\u0435\u0441\u0430 \u043a \u043d\u0430\u0448\u0435\u043c\u0443 \u0441\u0435\u0440\u0432\u0435\u0440\u0443. \u0412<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[15,78,9],"tags":[89,90],"class_list":["post-231","post","type-post","status-publish","format-standard","hentry","category-ubuntu-vsiashina","category-web","category-vsiashina","tag-iptables","tag---ip"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p7OYvE-3J","_links":{"self":[{"href":"https:\/\/allchina.a-lisa.org\/index.php?rest_route=\/wp\/v2\/posts\/231","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/allchina.a-lisa.org\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/allchina.a-lisa.org\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/allchina.a-lisa.org\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/allchina.a-lisa.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=231"}],"version-history":[{"count":2,"href":"https:\/\/allchina.a-lisa.org\/index.php?rest_route=\/wp\/v2\/posts\/231\/revisions"}],"predecessor-version":[{"id":233,"href":"https:\/\/allchina.a-lisa.org\/index.php?rest_route=\/wp\/v2\/posts\/231\/revisions\/233"}],"wp:attachment":[{"href":"https:\/\/allchina.a-lisa.org\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=231"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/allchina.a-lisa.org\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=231"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/allchina.a-lisa.org\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=231"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\/sbin\/iptables -A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above N -j REJECT --reject-with tcp-reset \r\n# save the changes see iptables-save man page, the following is redhat and friends specific command \r\nservice iptables save<\/pre>\n
\u041f\u0440\u0438\u043c\u0435\u0440: \u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 SSH \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0439 \u0441 IP\/\u0445\u043e\u0441\u0442\u0430<\/h3>\n
\/sbin\/iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT \r\n# save the changes see iptables-save man page, the following is redhat and friends specific command \r\nservice iptables save<\/pre>\n
\u041f\u0440\u0438\u043c\u0435\u0440: \u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0438\u043c HTTP \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u044f<\/h3>\n
\/sbin\/iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset \r\n# save the changes see iptables-save man page, the following is redhat and friends specific command \r\nservice iptables save<\/pre>\n
\/sbin\/iptables -A INPUT -p tcp --syn --dport 80 -d ! 1.2.3.4 -m connlimit --connlimit-above 20 -j REJECT --reject-with tcp-reset<\/pre>\n
\u041f\u0440\u0438\u043c\u0435\u0440: \u041e\u0433\u0440\u0430\u043d\u0438\u0447\u0435\u043d\u0438\u0435 \u043d\u0430 \u043f\u043e\u0434\u0441\u0435\u0442\u044c \u043a\u043b\u0430\u0441\u0441\u0430 C<\/h3>\n
\/sbin\/iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 --connlimit-mask 24 -j REJECT --reject-with tcp-reset \r\n# save the changes see iptables-save man page \r\nservice iptables save<\/pre>\n
<\/h3>\n
\u041a\u0430\u043a \u044f \u043c\u043e\u0433\u0443 \u043f\u0440\u043e\u0442\u0435\u0441\u0442\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0440\u0430\u0431\u043e\u0442\u0443 iptables?<\/h2>\n
#!\/bin\/bash \r\nip=\"202.1.2.3\" \r\nport=\"80\" \r\nfor i in {1..100} \r\ndo \r\n\t# do nothing just connect and exit \r\n\techo \"exit\" | nc ${ip} ${port}; \r\ndone<\/pre>\n","protected":false},"excerpt":{"rendered":"