iptables connlimit-mark question
by kenw232 from LinuxQuestions.org on (#6FK7C)
I've been doing this to rate limit Amazon connections to my server. My question is, is this correct?
Code:
/usr/sbin/iptables -I INPUT -p tcp --syn --dport 443 -s 3.238.56.0/24 -m connlimit --connlimit-above 3 --connlimit-mask 32 -j LOG_REJECT

The concern is the source of 3.238.56.0/24 where I am trying to include all IP addresses between 3.238.56.0 and 3.238.56.255. Is this correct considering the connlimit-mask of 32 is still there? Am I going to get my expected result of throttling all hits from 3.238.56.0/24 to be less than 3 no matter what?
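An added example, not part of kenw232's post, to make the two knobs in that rule concrete: `-s 3.238.56.0/24` only decides which packets are evaluated by the rule at all, while `--connlimit-mask` is the prefix length connlimit uses to group sources when it counts open connections. With `--connlimit-mask 32` every host in the /24 gets its own counter of 3; with `--connlimit-mask 24` the whole /24 shares one counter. The script below reproduces that grouping with Python's `ipaddress` module and walks a constructed list of SYNs through both variants of the rule. It assumes, as xt_connlimit does, that the new connection is itself included in the count and that every earlier connection in the sample is still open; the sample addresses and the `LOG_REJECT` target name are taken from the post or constructed for illustration.

```python
"""Simulate how iptables' connlimit groups sources under --connlimit-mask.

Added example, not code from the original post. Assumptions (not stated on
the page): each earlier connection in the sample list is still open when the
next SYN arrives, and this is the only rule that matters. Sample addresses are
constructed for illustration.
"""
import ipaddress
from collections import Counter

SUBNET = ipaddress.ip_network("3.238.56.0/24")  # the -s match from the post
ABOVE = 3                                       # --connlimit-above 3


def connlimit_key(src, prefix_len):
    """Return the network connlimit groups `src` under for --connlimit-mask prefix_len.

    prefix_len=32 groups per host; prefix_len=24 groups the whole /24.
    """
    return ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)


def rule(prefix_len):
    """The rule from the post, with the chosen --connlimit-mask."""
    return ("/usr/sbin/iptables -I INPUT -p tcp --syn --dport 443 "
            f"-s {SUBNET} -m connlimit --connlimit-above {ABOVE} "
            f"--connlimit-mask {prefix_len} -j LOG_REJECT")


def simulate(syns, prefix_len, above=ABOVE, subnet=SUBNET):
    """Return the source IPs whose SYN the rule would send to LOG_REJECT.

    Each SYN is counted against its group (the new connection included, as
    xt_connlimit counts it) and rejected once the group holds more than
    `above` connections. SYNs from outside `subnet` never reach the connlimit
    match because the -s test fails first.
    """
    open_conns = Counter()
    rejected = []
    for src in syns:
        addr = ipaddress.ip_address(src)
        if addr not in subnet:
            continue  # -s 3.238.56.0/24 does not match; rule is skipped
        key = connlimit_key(addr, prefix_len)
        open_conns[key] += 1
        if open_conns[key] > above:
            rejected.append(src)
    return rejected


# Constructed sample: five hosts inside the /24, two of them connecting twice,
# plus one host outside the /24 that the -s match excludes.
SAMPLE_SYNS = ["3.238.56.10", "3.238.56.11", "3.238.56.12", "3.238.56.13",
               "3.238.56.14", "3.238.56.10", "3.238.56.11", "198.51.100.7"]

if __name__ == "__main__":
    for pl in (32, 24):
        print(rule(pl))
        print("  rejected:", simulate(SAMPLE_SYNS, pl))
```

With mask 32 no host in the sample ever exceeds 3 of its own connections, so nothing is rejected even though the /24 as a whole has seven. With mask 24 the fourth and later SYNs from anywhere in 3.238.56.0/24 are rejected, which is the per-subnet cap the post describes wanting.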