New on LowEndTalk? Please Register and read our Community Rules.
Limit conntrack on OpenVZ
generaluser
Member
in Help
How do I limit conntrack connections on OpenVZ? I have tried the following as root, but the sysctl -a command mentions 65536 despite whatever change I make. How do I limit connections, any idea?
/sbin/sysctl -w net.netfilter.nf_conntrack_max=
Comments
Reducing conntrack max won't limit the number of connections you receive or connections to a service.
You can't adjust any proctls (kernel configuration) in OpenVZ.
IPtables
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 15 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
This will reject connections above 15 from one source IP.
iptables -A INPUT -p tcp --syn --dport 80 -m state --state NEW -m limit --limit 150/second --limit-burst 160 -j ACCEPT
In this rule, 160 new connections (packets really) are allowed before the limit of 150 NEW connections (packets) per second is applied.
Source: https://unix.stackexchange.com/questions/139285/limit-max-connections-per-ip-address-and-new-connections-per-second-with-iptable
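Putting the two rules from this answer into one script, as an added example that is not from the thread or the linked source: the per-source connlimit rule, the NEW-connection rate limit with the DROP that must follow it (an ACCEPT with a limit match does nothing on its own; the excess just falls through to whatever rule comes next), and an ESTABLISHED/RELATED accept ahead of both so existing sessions are never throttled. PORT, MAX_PER_IP, RATE, BURST and DRY_RUN are assumed knobs for this example. DRY_RUN=1 (the default) only prints the commands, which is also how to review the ruleset before loading it; with DRY_RUN=0 it needs root and, inside an OpenVZ container, the connlimit and limit match modules made available by the host kernel.

```shell
#!/bin/sh
# Added example, not code from the thread. Builds the connlimit and
# rate-limit rules discussed above. Assumed knobs: PORT, MAX_PER_IP, RATE,
# BURST, DRY_RUN (all hypothetical names chosen for this script).
PORT="${PORT:-80}"
MAX_PER_IP="${MAX_PER_IP:-15}"
RATE="${RATE:-150/second}"
BURST="${BURST:-160}"
DRY_RUN="${DRY_RUN:-1}"

# Print the command when DRY_RUN=1, otherwise execute it.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Packets of already-established sessions are accepted first so neither
# limit below can break a connection that was admitted earlier.
established_rule() {
    run iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
}

# Cap concurrent TCP connections to PORT per source address. Mask 32 counts
# each IPv4 address separately; a smaller mask (e.g. 24) would cap a whole
# /24 as one source.
connlimit_rule() {
    run iptables -A INPUT -p tcp --syn --dport "$PORT" \
        -m connlimit --connlimit-above "$MAX_PER_IP" --connlimit-mask 32 \
        -j REJECT --reject-with tcp-reset
}

# Rate-limit NEW connections (SYN packets) to PORT: BURST are admitted at
# once, then RATE per second. Excess SYNs fall through to the DROP rule,
# which is why it is emitted together with the ACCEPT.
newconn_rate_rules() {
    run iptables -A INPUT -p tcp --syn --dport "$PORT" -m state --state NEW \
        -m limit --limit "$RATE" --limit-burst "$BURST" -j ACCEPT
    run iptables -A INPUT -p tcp --syn --dport "$PORT" -m state --state NEW \
        -j DROP
}

# Emit (or apply) the full ruleset in the order it should appear in INPUT.
apply_all() {
    established_rule
    connlimit_rule
    newconn_rate_rules
}

apply_all
```

Run it once with the default DRY_RUN=1 and compare the printed rules against `iptables -S INPUT` on the box before switching to DRY_RUN=0; the REJECT with tcp-reset for the connlimit case is deliberate so a client over the cap fails fast instead of hanging on a dropped SYN.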