On 29.11.2011 23:44, Filip Rembiałkowski wrote:
> did you look at connlimit?
> http://www.netfilter.org/projects/patch-o-matic/pom-external.html#pom-external-connlimit
> AFAIK, it applies only to ESTABLISHED state, so maybe it suits you.
No, I didn't, and THANKS! That's exactly the hint I needed. I tried to
use the hashlimit and/or recent matches with high burst rates and low
limits, but that didn't work, and that's what I was hinting at.
> I'm not sure how do you want to allow "many connections being created
> almost at once" and "limit number of connections from same IP" at the
> same time?
The intention is to limit the total number of
connections per client to something around 20; the behaviour of the
clients is such that they create 10-15 connections in a very short burst
(due to threaded accesses to the database), and (should) disconnect all
of these in an interval of 10 minutes. When a client runs amok (which
I've had twice this week), the batch of connections is not disconnected,
and a single client gradually starts eating up all connections to the
database, and thus hinders other clients from functioning. But: using
connlimit should do the trick. I'll try that out immediately.
Thanks again!
--
--- Heiko.
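As an added example (not part of the thread or its authors' own code), here is a connlimit rule of the kind Filip suggested, together with a small per-client count of established connections that flags a runaway client like the ones Heiko describes. The database port (5432) and the cap of 20 connections per client are assumptions.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread.
# Assumptions: the database listens on TCP 5432 and the per-client cap is 20.

DB_PORT=5432
CONN_CAP=20

# Emit the iptables rule: once a single source address already holds more
# than CONN_CAP connections to the database port, refuse further SYNs with
# a TCP reset. Existing connections are untouched; only new attempts fail,
# so the normal 10-15 connection burst of a healthy client still gets through.
connlimit_rule() {
    printf 'iptables -A INPUT -p tcp --dport %s --syn -m connlimit --connlimit-above %s --connlimit-mask 32 -j REJECT --reject-with tcp-reset\n' \
        "$DB_PORT" "$CONN_CAP"
}

# Detection side: read "<state> <peer-address>" lines (one per connection),
# count ESTABLISHED connections per client, print those above the cap.
over_cap_clients() {
    awk -v cap="$CONN_CAP" '
        $1 == "ESTABLISHED" { n[$2]++ }
        END { for (ip in n) if (n[ip] > cap) print ip, n[ip] }
    ' | sort
}

# Constructed sample listing: 10.0.0.5 has run amok and never disconnected
# (23 open connections); 10.0.0.7 is inside its normal burst (12).
sample_connections() {
    i=0
    while [ "$i" -lt 23 ]; do echo "ESTABLISHED 10.0.0.5"; i=$((i + 1)); done
    i=0
    while [ "$i" -lt 12 ]; do echo "ESTABLISHED 10.0.0.7"; i=$((i + 1)); done
    echo "TIME_WAIT 10.0.0.7"   # not counted: only ESTABLISHED matters here
}

connlimit_rule
sample_connections | over_cap_clients
```

On a live host the same counting works on the output of the system's connection listing once it is reduced to state and peer address, which keeps the check independent of the firewall rule itself.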