Crear el archivo de intercambio (swap) en linux
23 de septiembre de 2020
URLs útiles para chequear servicios
29 de septiembre de 2020
Interesante artículo sobre el uso de IPtables para limitar el número de conexiones.
Fuente: https://access.redhat.com/solutions/396273
To restrict to 200 connections per source IP on port 389:
iptables -A INPUT -p tcp --syn --dport 389 -m connlimit --connlimit-above 200 -j DROP connlimitAllows you to restrict the number of parallel connections to a server per client IP address (or client address block).
--connlimit-upto nMatch if the number of existing connections is below or equal n.
--connlimit-above nMatch if the number of existing connections is above n.
--connlimit-mask prefix_lengthGroup hosts using the prefix length. For IPv4, this must be a number between (including) 0 and 32. For IPv6, between 0 and 128. If not specified, the maximum prefix length for the applicable protocol is used.
--connlimit-saddrApply the limit onto the source group. This is the default if
--connlimit-daddr is not specified
--connlimit-daddrApply the limit onto the destination group.
Examples:
allow 2 telnet connections per client host
iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECTyou can also match the other way around:
iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-upto 2 -j ACCEPTlimit the number of parallel HTTP requests to 16 per class C sized source network (24 bit netmask
iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECTlimit the number of parallel HTTP requests to 16 for the link local network
(ipv6) ip6tables -p tcp --syn --dport 80 -s fe80::/64 -m connlimit --connlimit-above 16 --connlimit-mask 64 -j REJECTLimit the number of connections to a particular host:
ip6tables -p tcp --syn --dport 49152:65535 -d 2001:db8::1 -m connlimit --connlimit-above 100 -j REJECT
