Use iptables to set the number of connections for specific ports (universal method)
Limit the number of port connections
- First, enter the command service iptables stop to disable iptables.
- Limiting the number of concurrent connections on a port is very simple; iptables can handle it with the connlimit match, which counts connections per source IP. Suppose you want to allow each source IP at most 5 concurrent connections to port 8388. Just run these two commands:
iptables -I INPUT -p tcp --dport 8388 -m connlimit --connlimit-above 5 -j DROP
iptables -I OUTPUT -p tcp --dport 8388 -m connlimit --connlimit-above 5 -j DROP
Another example: suppose you want to apply the same limit to every port from 1024 through 10240:
iptables -I INPUT -p tcp --dport 1024:10240 -m connlimit --connlimit-above 5 -j DROP
iptables -I OUTPUT -p tcp --dport 1024:10240 -m connlimit --connlimit-above 5 -j DROP
- Save the iptables rules (service iptables save); the same applies to other ports.
- Enter the command service iptables start to start it.
- Finally, use the command below to check whether the rules have taken effect (the pkts and bytes counters of the DROP rule show how often the limit has been hit):
iptables -L -n -v
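The following is an added example, not code from the original page or from the netfilter project: a small model of what the connlimit rules above do, so that the per-source behaviour is visible without touching a live firewall. The class simulates the counting of xt_connlimit (existing connections from the same source plus the new one, grouped per /32 by default, compared against --connlimit-above); the addresses and port numbers are constructed.

```python
"""Per-source model of `-m connlimit --connlimit-above N -j DROP` (added example)."""
from collections import defaultdict
from ipaddress import ip_network


class ConnLimit:
    """Constructed simulation of connlimit's counting; not the kernel code."""

    def __init__(self, above: int, mask: int = 32):
        self.above = above                  # --connlimit-above N
        self.mask = mask                    # --connlimit-mask (default /32: each IPv4 address on its own)
        self.active = defaultdict(set)      # network key -> set of (src_ip, src_port)

    def _key(self, src_ip: str) -> str:
        # Sources are grouped by the masked network, like --connlimit-mask does
        return str(ip_network(f"{src_ip}/{self.mask}", strict=False))

    def new_connection(self, src_ip: str, src_port: int) -> bool:
        """True if the connection is allowed, False if the DROP rule would fire."""
        key = self._key(src_ip)
        # connlimit counts the existing connections plus this one against N
        if len(self.active[key]) + 1 > self.above:
            return False
        self.active[key].add((src_ip, src_port))
        return True

    def close_connection(self, src_ip: str, src_port: int) -> None:
        """Conntrack forgets a finished connection, freeing a slot for that source."""
        self.active[self._key(src_ip)].discard((src_ip, src_port))


def burst_from_one_host(above: int, attempts: int, src_ip: str = "192.0.2.10") -> tuple:
    """Open `attempts` connections from a single address; return (accepted, dropped)."""
    cl = ConnLimit(above)
    verdicts = [cl.new_connection(src_ip, 40000 + i) for i in range(attempts)]
    return verdicts.count(True), verdicts.count(False)


def run_events(above: int, events, mask: int = 32) -> list:
    """Replay ('open'|'close', src_ip, src_port) events; return the verdict of every open."""
    cl = ConnLimit(above, mask)
    verdicts = []
    for action, ip, port in events:
        if action == "open":
            verdicts.append(cl.new_connection(ip, port))
        else:
            cl.close_connection(ip, port)
    return verdicts


if __name__ == "__main__":
    # With --connlimit-above 5, the 6th concurrent connection from one host is dropped
    print(burst_from_one_host(5, 8))   # (5, 3)
    # A different source address is not affected by the first host's count
    print(run_events(5, [("open", "192.0.2.10", 40000 + i) for i in range(6)]
                        + [("open", "198.51.100.7", 40000)]))
```

The run_events helper also takes a mask, so you can see how --connlimit-mask 24 makes neighbouring addresses share one budget; that is the setting to reach for when one NAT gateway or subnet should be limited as a whole.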
Limit Port Speed
- First, enter the command service iptables stop to disable iptables.
- Limiting the packet rate on a port is just as simple; iptables can handle it with the limit match. Suppose you want to limit port 5037 to 60 packets per second; here are the two commands:
iptables -A INPUT -p tcp --sport 5037 -m limit --limit 60/s -j ACCEPT
iptables -A INPUT -p tcp --sport 5037 -j DROP
That is, the first rule accepts up to 60 packets per second and the second drops whatever exceeds that rate. Generally speaking, each packet is 64 to 1518 bytes in size.
Limit the access speed of a specified IP
Principle: cap the number of packets per second towards a specific address or port. For example, if the rate exceeds 10 packets per second, DROP the excess directly, thereby limiting the speed. The two rules below allow 700 packets per second to 208.8.14.53, with a burst of 100, and drop everything beyond that:
iptables -A FORWARD -m limit -d 208.8.14.53 --limit 700/s --limit-burst 100 -j ACCEPT
iptables -A FORWARD -d 208.8.14.53 -j DROP
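Both rate-limit rule sets above (the 60/s rule on port 5037 and the 700/s, burst 100 rule towards 208.8.14.53) rely on the same mechanism: the limit match is a token bucket, where --limit is the refill rate and --limit-burst is the bucket size (5 when omitted). The following is an added example, not code from the original page or from netfilter, that models that bucket so you can see how many packets of a burst actually pass; the arrival timings are constructed.

```python
"""Token-bucket model of `-m limit --limit R --limit-burst B -j ACCEPT` followed by `-j DROP` (added example)."""
from dataclasses import dataclass


@dataclass
class LimitMatch:
    """--limit refills the bucket at rate_per_s tokens/s; --limit-burst is its capacity (iptables default 5)."""
    rate_per_s: float
    burst: int = 5

    def __post_init__(self):
        self.tokens = float(self.burst)   # the bucket starts full
        self.last = 0.0                   # time of the previous packet (seconds)

    def match(self, now: float) -> bool:
        """True while a token is available (the packet reaches -j ACCEPT), False otherwise."""
        refill = (now - self.last) * self.rate_per_s
        self.tokens = min(float(self.burst), self.tokens + refill)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


def simulate(rate_per_s: float, burst: int, arrivals) -> tuple:
    """Feed packet arrival times (seconds, ascending) through the two-rule pair.

    A packet that the limit match rejects falls through to the unconditional DROP,
    so the return value is (accepted, dropped).
    """
    arrivals = list(arrivals)
    m = LimitMatch(rate_per_s, burst)
    accepted = sum(1 for t in arrivals if m.match(t))
    return accepted, len(arrivals) - accepted


if __name__ == "__main__":
    # 60/s with the default burst: 100 packets arriving at once -> only 5 pass
    print(simulate(60, 5, [0.0] * 100))
    # the same 60/s rule passes all 60 packets when they are spread over one second
    print(simulate(60, 5, [i / 60 for i in range(60)]))
    # 700/s with --limit-burst 100: 150 packets at once -> 100 pass, 50 dropped
    print(simulate(700, 100, [0.0] * 150))
```

The practical lesson is that --limit is an average, not a ceiling on bursts: a rule with 60/s and the default burst drops 95 of 100 packets that arrive together, so a service that legitimately bursts needs --limit-burst raised. Note also that a plain limit match keeps one bucket per rule, shared by every source; per-client buckets are what the hashlimit match provides.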
Finally, here is how to keep the firewall rules from being lost after a reboot:
iptables-save >/etc/sysconfig/iptables
echo 'iptables-restore /etc/sysconfig/iptables' >> /etc/rc.local
chmod +x /etc/rc.d/rc.local
For SSR clients
Limit the number of device connections
Open your configuration file. Assuming you installed the ShadowsocksR server in the /root folder, it would be:
vi /root/shadowsocksr/user-config.json
Find the protocol parameter (when the parameter is empty "", the default limit is 64 devices):
"protocol_param": "",
Set the maximum number of devices that may connect to each port in the protocol parameter (a minimum of 2 is recommended). For example, to allow at most 5 devices connected at the same time, change it to:
"protocol_param": "5",
Note: The protocol parameter only takes effect when the server-side protocol setting (protocol) is something other than origin and is not one of the _compatible variants!
Limit port speed
These two settings live in the same file: speed_limit_per_con is the single-thread (per-connection) limit and speed_limit_per_user is the total limit, both in KB/s (0 means no limit).
"speed_limit_per_con": 0,
"speed_limit_per_user": 0,
With the single-thread limit set to 100 KB/s, downloading a file over this port through one connection is capped at 100 KB/s; a multi-threaded download (for example, 5 threads) reaches 500 KB/s. YouTube uses a single thread.
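The following is an added example, not ShadowsocksR project code, that applies the two settings from this section (the device limit in protocol_param and the two speed limits) to a user-config.json without hand-editing it, and refuses a device limit that the server would silently ignore because the protocol is origin or a _compatible variant. It assumes that SSR reads protocol_param as a string and the speed limits as integers in KB/s with 0 meaning unlimited, as described above; the sample configuration is constructed, and the real file is at the path given in the section.

```python
"""Apply SSR device-count and speed limits to user-config.json with sanity checks (added example)."""
import json
import tempfile
from pathlib import Path

# Constructed sample of the relevant keys (not a real deployment's file)
SAMPLE_CONFIG = {
    "server": "0.0.0.0",
    "server_port": 8388,
    "protocol": "auth_aes128_md5",
    "protocol_param": "",
    "speed_limit_per_con": 0,
    "speed_limit_per_user": 0,
}


def device_limit_applies(protocol: str) -> bool:
    """protocol_param is honoured only when protocol is neither origin nor a _compatible variant."""
    return protocol != "origin" and not protocol.endswith("_compatible")


def set_limits(config: dict, max_devices=None, per_con_kbs=None, per_user_kbs=None) -> dict:
    """Return a copy of `config` with the requested limits, rejecting values that would be ignored."""
    cfg = dict(config)
    if max_devices is not None:
        protocol = cfg.get("protocol", "origin")
        if not device_limit_applies(protocol):
            raise ValueError(f"protocol_param is ignored for protocol {protocol!r}")
        if max_devices < 1:   # the section recommends at least 2
            raise ValueError("max_devices must be a positive number of devices")
        cfg["protocol_param"] = str(max_devices)   # SSR stores this as a string, e.g. "5"
    for key, value in (("speed_limit_per_con", per_con_kbs), ("speed_limit_per_user", per_user_kbs)):
        if value is not None:
            if value < 0:
                raise ValueError(f"{key} must be >= 0 (0 means no limit)")
            cfg[key] = int(value)
    return cfg


def check_limits(config: dict, **limits) -> str:
    """Return an empty string if the limits can be applied, else the reason they cannot."""
    try:
        set_limits(config, **limits)
        return ""
    except ValueError as exc:
        return str(exc)


def update_config_file(path, **limits) -> dict:
    """Read, modify and rewrite the JSON file in place; return the written config."""
    path = Path(path)
    cfg = set_limits(json.loads(path.read_text()), **limits)
    path.write_text(json.dumps(cfg, indent=4) + "\n")
    return cfg


def demo() -> dict:
    """Round-trip the constructed sample through a temporary file (offline stand-in for /root/shadowsocksr/user-config.json)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "user-config.json"
        path.write_text(json.dumps(SAMPLE_CONFIG))
        # 5 devices, 100 KB/s per connection, 500 KB/s in total for the port
        return update_config_file(path, max_devices=5, per_con_kbs=100, per_user_kbs=500)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=4))
    print(check_limits({**SAMPLE_CONFIG, "protocol": "origin"}, max_devices=5))
```

Restart the SSR server after writing the file so the new limits are loaded; the check_limits helper is the piece to run first, because a device limit set under an origin or _compatible protocol looks correct in the file and simply does nothing.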