Limit number of connctions for one dest ip address .?

user19 · April 15, 2008, 5:37pm

HI, i have tryed this but nothing yet, if anybody can help me a appreciatte that,
How can i limt number of connections for one especific dest ip address or better how can get the dest ip addresses if that dest ip has more than 10 connections from my internal customer and put that dest address in some address list and so drop it…i need dropt traffic to the dest address , not traffic from my customer

I have many connections from one customer to one dest address and so all customers to differrent dest address,hard virus i think

Dimas Perez

smile_2006 · April 15, 2008, 5:47pm

RTFM, please…
from the 2.9`manual

To only allow not more than 5 simultaneous connections from each of the clients, do the
following:
/ip firewall filter add chain=forward protocol=tcp tcp-flags=syn connection-limit=6,32
action=drop

user19 · April 15, 2008, 9:42pm

Idon’t need limit client’s connections, i need drop or limit per dest address connections
Thanks

winxp2000 · April 16, 2008, 9:47am

limit per dest address connections

It should not limit by your router.

It should make in the server that your want to access.

Chupaka · April 16, 2008, 10:19pm

winxp2000
why do you point gerencia@e-digitales.com, what he should or should not to do? he gave you the task - help him if you can =)

user19 · April 17, 2008, 2:09am

This the torch from a infected customer, how can i drop dest addressess , i don’t wanna drop my customer.

Some Genius help me.

jorj · April 17, 2008, 7:02am

If you want to drop all connections to that specific address, use this:

/ip firewall filter add action=drop chain=forward comment="" disabled=yes dst-address=xxx.yyy.www.zzz

Best way is to announce him, and get him educated…

Chupaka · April 17, 2008, 12:15pm

omg =) i think it’s a torch bug: you have many identical (src-ip:src-port-dst-ip:dst-port) pairs. it was described earlier in the forum. afair, will be fixed in v3.8

ionut · April 17, 2008, 5:17pm

as te other say .. the filtering working but u will se the connection .. because they are droped in forward chain rhat is in routing proces ..
use connection drop in prerouting chain and all will be fine ..

user19 · April 17, 2008, 5:52pm

all clear but all destination addresses are different and ramdomly, i need a script that catch them and drop automatically, one by one would be very hard.

thanks to all

Chupaka · April 17, 2008, 9:57pm

gerencia@e-digitales.com
actually there’s about 3-4 connections to every dest ip, it’s normal for HTTP (port 80). so wait v3.8 and check torch again

ionut · April 18, 2008, 3:47pm

is normal for more connection wen someone downlaod with fashget with about 10 simultanios connection or open a webpage with tons of pics
or u can liminit with connection count limit