How to Limit Connection Count and Speed in Shadowsocks

Use iptables to set the number of connections for specific ports (universal method)

Limit the number of port connections

  • First, enter the command service iptables stop to disable iptables
  • Limiting the number of concurrent connections on a port is very simple; IPTABLES can handle it. Suppose you want to limit each client IP to a maximum of 5 connections on port 8388. Just run these two commands:
iptables -I INPUT -p tcp --dport 8388 -m connlimit --connlimit-above 5 -j DROP
iptables -I OUTPUT -p tcp --dport 8388 -m connlimit --connlimit-above 5 -j DROP

Let me give another example: suppose you want to limit the port range 1024-10240:

iptables -I INPUT -p tcp --dport 1024:10240 -m connlimit --connlimit-above 5 -j DROP
iptables -I OUTPUT -p tcp --dport 1024:10240 -m connlimit --connlimit-above 5 -j DROP
  • Just save the IPTABLES rules (service iptables save); the same applies to other ports.
  • Enter the command service iptables start to start it
  • Finally, use the command below to check whether it has taken effect
iptables -L -n -v

Limit Port Speed

  • First, enter the command service iptables stop to disable iptables
  • Limiting a port's speed is just as simple; IPTABLES can handle it. Suppose you want to limit port 5037 to a maximum of 60 packets per second; here are the two commands:
iptables -A INPUT -p tcp --sport 5037 -m limit --limit 60/s -j ACCEPT
iptables -A INPUT -p tcp --sport 5037 -j DROP

That is, accept at most 60 packets per second. Generally speaking, each packet is 64 to 1518 bytes in size.

Limit the access speed of a specified IP

Principle: control the rate of a specific port per second. For example, if it exceeds 10 packets per second, DROP them directly, thereby limiting the speed of the specific port.

iptables -A FORWARD -m limit -d 208.8.14.53 --limit 700/s --limit-burst 100 -j ACCEPT
iptables -A FORWARD -d 208.8.14.53 -j DROP

Finally, let’s talk about how to solve the problem of the firewall failing after a reboot

iptables-save >/etc/sysconfig/iptables
echo 'iptables-restore < /etc/sysconfig/iptables' >> /etc/rc.local
chmod +x /etc/rc.d/rc.local
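
To check that a saved ruleset really contains the rule pairs from this section, and in an order that works, here is an added example (not part of the original article) that audits an iptables-save dump. The function names and the embedded sample dump are constructed for illustration; the FORWARD pair in the sample is deliberately reversed to show the failure case.

```sh
#!/bin/sh
# Added example: audit an iptables-save dump for the rule pairs used above.

# Constructed sample in iptables-save format (not captured from a real host).
# FORWARD is deliberately misordered, as happens when the pair is added with -I.
sample_rules() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 8388 -m connlimit --connlimit-above 5 --connlimit-mask 32 --connlimit-saddr -j DROP
-A INPUT -p tcp -m tcp --sport 5037 -m limit --limit 60/sec -j ACCEPT
-A INPUT -p tcp -m tcp --sport 5037 -j DROP
-A FORWARD -d 208.8.14.53/32 -j DROP
-A FORWARD -d 208.8.14.53/32 -m limit --limit 700/sec --limit-burst 100 -j ACCEPT
COMMIT
EOF
}

# Print the connlimit threshold that INPUT enforces for TCP destination port $1;
# exit status 1 if no such DROP rule exists.
connlimit_for_port() {
  awk -v port="$1" '
    $1 == "-A" && $2 == "INPUT" && /-m connlimit/ && / -j DROP$/ {
      hit = 0
      for (i = 1; i < NF; i++) {
        if ($i == "--dport" && $(i + 1) == port) hit = 1
        if ($i == "--connlimit-above") n = $(i + 1)
      }
      if (hit) { print n; found = 1; exit }
    }
    END { exit !found }'
}

# Succeed only if, in chain $1, the "-m limit ... -j ACCEPT" rule for match $2
# sits before the plain DROP for the same match (iptables stops at first match).
limit_pair_ok() {
  awk -v chain="$1" -v key="$2" '
    $1 == "-A" && $2 == chain && index($0 " ", " " key " ") {
      n++
      if (/-m limit/ && / -j ACCEPT$/ && !acc) acc = n
      else if (!/-m limit/ && / -j DROP$/ && !drop) drop = n
    }
    END { exit !(acc && drop && acc < drop) }'
}

echo "connlimit on 8388: $(sample_rules | connlimit_for_port 8388)"
sample_rules | limit_pair_ok INPUT "--sport 5037" && echo "INPUT 5037: ok"
sample_rules | limit_pair_ok FORWARD "-d 208.8.14.53/32" || echo "FORWARD: DROP shadows the limit rule"
```

On a live server, pipe the real ruleset into the same functions, for example iptables-save | limit_pair_ok INPUT "--sport 5037".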

For SSR clients

Limit the number of device connections

Open your configuration file. Assuming you installed the ShadowsocksR server in the /root folder, it would be:

vi /root/shadowsocksr/user-config.json

Find the protocol parameter (when the parameter is empty, "", the default limit is 64 devices)

"protocol_param": "",

Set the maximum number of device connections for each port in the protocol parameter (2 minimum recommended). For example, to limit it to a maximum of 5 devices connected at the same time, change it to:

"protocol_param": "5",

Note: The protocol parameter only takes effect when the server-side protocol setting (protocol) is not the original protocol (origin) and is not a variant compatible with the original version (_compatible)!

Limit port speed

These settings are in the same place mentioned above: the first is the single-thread limit, and the other is the total limit.

"speed_limit_per_con": 0,
"speed_limit_per_user": 0,

For example, with a single-thread limit of 100KB/S, downloading a file through this port on a single thread is capped at 100KB/S.
With multi-threaded downloading (for example, 5 threads), it becomes 500KB/S.
YouTube uses a single thread.
