
I have an open port, 40002, and I want to limit it so that the port can only be connected to by one IP address at a time (not a specific address). If there is an IP address connecting to that port already, other IPs should fail to connect.

Is it possible to configure this with iptables or scripts? My system is Ubuntu 14.04. Thanks.

1 Answer


You can do it by configuring iptables.

/sbin/iptables -A INPUT -p tcp --syn --dport $port -m connlimit --connlimit-above N -j REJECT --reject-with tcp-reset
# Save the changes: see the iptables-save man page; the following command is specific to Red Hat and friends
service iptables save

Example: Limit SSH Connections Per IP / Host

/sbin/iptables -A INPUT -p tcp --syn --dport 22 -m connlimit --connlimit-above 3 -j REJECT
# Save the changes: see the iptables-save man page; the following command is specific to Red Hat and friends
service iptables save

Testing:

#!/bin/bash
ip="202.1.2.3"
port="80"
for i in {1..100}
do
    # Do nothing, just connect and exit
    echo "exit" | nc ${ip} ${port}
done

OK: To limit to at most n connections, here is an example using the iplimit module:

# Note: iplimit is the old name of the connlimit match; on current kernels use -m connlimit --connlimit-above
iptables -A INPUT -p tcp --syn --dport 40002 -m iplimit --iplimit-above 3 -j REJECT

This will REJECT connections if there are 3 IPs connected. Sorry if I misunderstood your question ;)
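The point the answer glosses over is that connlimit counts connections per source prefix: with the default mask (32) each client IP gets its own counter, so the SSH rule above caps each client separately and never stops a second IP from connecting. `--connlimit-mask 0` puts every source into one counter, which is what the question asks for. The following is an added example, not code from the answer above; the `DRY_RUN`, `IPT` and `PORT` variables and the function names are my own, and in dry-run mode the script only prints the rules so it can be inspected without root.

```shell
#!/bin/sh
# Added example: per-IP versus global connection limits with the connlimit match.
# Set DRY_RUN=1 to print the iptables commands instead of running them.
PORT="${PORT:-40002}"
IPT="${IPT:-/sbin/iptables}"

# run_rule: apply an iptables rule, or echo it when DRY_RUN=1.
run_rule() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

# per_ip_limit N: reject new connections once a single client IP already
# has N connections to the port (mask 32 = one counter per client address).
# Other client IPs are not affected by each other's counters.
per_ip_limit() {
    run_rule -A INPUT -p tcp --syn --dport "$PORT" \
        -m connlimit --connlimit-above "$1" --connlimit-mask 32 \
        -j REJECT --reject-with tcp-reset
}

# global_limit N: reject new connections once the port has N connections
# in total, from any source (mask 0 = all sources share one counter).
# global_limit 1 is the closest connlimit gets to "one client at a time".
global_limit() {
    run_rule -A INPUT -p tcp --syn --dport "$PORT" \
        -m connlimit --connlimit-above "$1" --connlimit-mask 0 \
        -j REJECT --reject-with tcp-reset
}

# In dry-run mode, show both rule forms so the difference is visible.
if [ "${DRY_RUN:-0}" = "1" ]; then
    per_ip_limit 3
    global_limit 1
fi
```

These REJECT rules must come before the rule that ACCEPTs traffic to the port, and `global_limit 1` limits connections rather than distinct clients, so a second connection from the same client is also refused while the first is open. On Ubuntu 14.04 there is no `service iptables save`; persist the rules with `iptables-save` and the iptables-persistent package instead.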