Port Connection Limit

In Linux, I want to restrict one port to only 2 devices connected at the same time. How can I achieve this?

Comments

  • Do you mean that a network switch or server interface is connected to up to two devices at the same time, and the third is not allowed to transfer data over the switch port?

    If yes,

    This can be achieved with MAC filtering, or with a fixed subnet size with limited DHCP or static IP addresses assigned.

  • dfroedfroe Member, Host Rep

    If by 'port' you are referring to an L4 TCP/UDP port, you can achieve this with iptables by using connlimit like this:

    # reject new SYNs once the source already holds more than 2 connections to $PORT
    # (connlimit counts per source address by default, i.e. --connlimit-mask 32 for IPv4)
    iptables -A INPUT -p tcp --syn --dport $PORT -m connlimit --connlimit-above 2 -j REJECT
    
    Thanked by 1adly
  • 7cloud7cloud Member
    edited August 2021

    @kevertje said:
    Do you mean that a network switch or server interface is connected to up to two devices at the same time, and the third is not allowed to transfer data over the switch port?

    If yes,

    This can be achieved with MAC filtering, or with a fixed subnet size with limited DHCP or static IP addresses assigned.

    Thank you for your reply!
    I mean I have a service running on a Linux system; for example, the service port is 12345. I hope this port can be connected to up to two clients' devices or IPs at the same time, and the third device or IP is not allowed to transfer data over this port.

  • 7cloud7cloud Member
    edited August 2021

    @dfroe said:
    If by 'port' you are referring to an L4 TCP/UDP port, you can achieve this with iptables by using connlimit like this:

    # reject new SYNs once the source already holds more than 2 connections to $PORT
    # (connlimit counts per source address by default, i.e. --connlimit-mask 32 for IPv4)
    iptables -A INPUT -p tcp --syn --dport $PORT -m connlimit --connlimit-above 2 -j REJECT


    Thank you for your reply!
    This limits the TCP links, allowing only 2 established links to the port. This will result in the clients not being able to open the service on the Linux box, because the service needs to open many TCP links with the client.

    I need to limit the number of devices or the number of IPs linking to the port, not the number of TCP links to the port. For example, I allow a client's device or IP to open many TCP links with the service port.

  • @7cloud said:

    @kevertje said:
    Do you mean that a network switch or server interface is connected to up to two devices at the same time, and the third is not allowed to transfer data over the switch port?

    If yes,

    This can be achieved with MAC filtering, or with a fixed subnet size with limited DHCP or static IP addresses assigned.

    Thank you for your reply!
    I mean I have a service running on a Linux system; for example, the service port is 12345. I hope this port can be connected to up to two clients' devices or IPs at the same time, and the third device or IP is not allowed to transfer data over this port.

    In that case I would suggest a default policy of block in iptables, or whichever firewall you use, and only allow two client IPs to that port.

    For example, for TCP:

    # ACCEPT rules for the two client source addresses must come before the DROP
    iptables -A INPUT -p tcp --dport 12345 -s 1.1.1.1 -j ACCEPT
    iptables -A INPUT -p tcp --dport 12345 -s 1.1.1.2 -j ACCEPT
    # everything else to the port is dropped
    iptables -A INPUT -p tcp --dport 12345 -j DROP

  • @kevertje said:

    @7cloud said:

    @kevertje said:
    Do you mean that a network switch or server interface is connected to up to two devices at the same time, and the third is not allowed to transfer data over the switch port?

    If yes,

    This can be achieved with MAC filtering, or with a fixed subnet size with limited DHCP or static IP addresses assigned.

    Thank you for your reply!
    I mean I have a service running on a Linux system; for example, the service port is 12345. I hope this port can be connected to up to two clients' devices or IPs at the same time, and the third device or IP is not allowed to transfer data over this port.

    In that case I would suggest a default policy of block in iptables, or whichever firewall you use, and only allow two client IPs to that port.

    For example, for TCP:

    # ACCEPT rules for the two client source addresses must come before the DROP
    iptables -A INPUT -p tcp --dport 12345 -s 1.1.1.1 -j ACCEPT
    iptables -A INPUT -p tcp --dport 12345 -s 1.1.1.2 -j ACCEPT
    # everything else to the port is dropped
    iptables -A INPUT -p tcp --dport 12345 -j DROP

    Thank you for your reply.
    But the question is that the client's IP is not fixed, and I do not know the client's IP.

  • @7cloud said:

    @kevertje said:

    @7cloud said:

    @kevertje said:
    Do you mean that a network switch or server interface is connected to up to two devices at the same time, and the third is not allowed to transfer data over the switch port?

    If yes,

    This can be achieved with MAC filtering, or with a fixed subnet size with limited DHCP or static IP addresses assigned.

    Thank you for your reply!
    I mean I have a service running on a Linux system; for example, the service port is 12345. I hope this port can be connected to up to two clients' devices or IPs at the same time, and the third device or IP is not allowed to transfer data over this port.

    In that case I would suggest a default policy of block in iptables, or whichever firewall you use, and only allow two client IPs to that port.

    For example, for TCP:

    # ACCEPT rules for the two client source addresses must come before the DROP
    iptables -A INPUT -p tcp --dport 12345 -s 1.1.1.1 -j ACCEPT
    iptables -A INPUT -p tcp --dport 12345 -s 1.1.1.2 -j ACCEPT
    # everything else to the port is dropped
    iptables -A INPUT -p tcp --dport 12345 -j DROP

    Thank you for your reply.
    But the question is that the client's IP is not fixed, and I do not know the client's IP.

    Then how will you know whether it is one client changing its IP address or a third client attempting to connect? Your only solutions in this case are to handle it at the application layer, or insert a proxy to manage it, or do some type of 'port knocking'. There is no simple one-line linux command.
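As an added example (not code from any poster in this thread), one way to do the application-layer or proxy-side enforcement suggested above: a gate that admits at most two distinct client IPs, lets each admitted IP open as many TCP connections as it likes (the objection raised against connlimit), and frees a slot only when that IP's last connection closes. The echo handler, the `ClientGate` name and port 12345 are placeholders for the real service; a real proxy would forward to the backend instead of echoing.

```python
"""Application-layer gate for a TCP port: at most MAX_CLIENTS distinct client IPs may
hold connections at once; each admitted IP may open any number of connections; a
slot is freed when an IP's last connection closes. (Added example, not from the thread.)"""
import asyncio
from collections import Counter

MAX_CLIENTS = 2  # the two devices asked for in the thread


class ClientGate:
    def __init__(self, max_clients=MAX_CLIENTS):
        self.max_clients = max_clients
        self.active = Counter()  # client IP -> number of currently open connections

    def admit(self, ip):
        """Return True if a new connection from `ip` may proceed (and count it)."""
        if ip in self.active or len(self.active) < self.max_clients:
            self.active[ip] += 1
            return True
        return False  # a third distinct device/IP: refused

    def release(self, ip):
        """Record that one connection from `ip` closed; free its slot at zero."""
        if self.active[ip] <= 1:
            self.active.pop(ip, None)
        else:
            self.active[ip] -= 1

    def clients(self):
        return sorted(self.active)


gate = ClientGate()


async def handle(reader, writer):
    ip = writer.get_extra_info("peername")[0]
    if not gate.admit(ip):
        writer.close()  # refused device: connection closed before any data flows
        return
    try:
        while data := await reader.read(4096):
            writer.write(data)  # echo stands in for the real service / proxy target
            await writer.drain()
    finally:
        gate.release(ip)
        writer.close()


async def serve(port=12345):  # placeholder port from the thread
    server = await asyncio.start_server(handle, "0.0.0.0", port)
    async with server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(serve())
```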

  • @7cloud said:

    @kevertje said:

    @7cloud said:

    @kevertje said:
    Do you mean that a network switch or server interface is connected to up to two devices at the same time, and the third is not allowed to transfer data over the switch port?

    If yes,

    This can be achieved with MAC filtering, or with a fixed subnet size with limited DHCP or static IP addresses assigned.

    Thank you for your reply!
    I mean I have a service running on a Linux system; for example, the service port is 12345. I hope this port can be connected to up to two clients' devices or IPs at the same time, and the third device or IP is not allowed to transfer data over this port.

    In that case I would suggest a default policy of block in iptables, or whichever firewall you use, and only allow two client IPs to that port.

    For example, for TCP:

    # ACCEPT rules for the two client source addresses must come before the DROP
    iptables -A INPUT -p tcp --dport 12345 -s 1.1.1.1 -j ACCEPT
    iptables -A INPUT -p tcp --dport 12345 -s 1.1.1.2 -j ACCEPT
    # everything else to the port is dropped
    iptables -A INPUT -p tcp --dport 12345 -j DROP

    Thank you for your reply.
    But the question is that the client's IP is not fixed, and I do not know the client's IP.

    Do you know the MAC? You will need something that is fixed. Perhaps you could elaborate on the use case. From the sound of it you want to do this on the application level, as clients can roam during travel on mobile connections, etc.
