Limit conntrack on OpenVZ

How do I limit conntrack connections on OpenVZ? I have tried the following as root, but the sysctl -a command still reports 65536 regardless of what change I make. How do I limit connections, any idea?

/sbin/sysctl -w net.netfilter.nf_conntrack_max=

Comments

  • SplitIce (Member, Host Rep)
    1. Reducing conntrack max won't limit the number of connections you receive or connections to a service.

    2. You can't adjust any proctls (kernel configuration) in OpenVZ.

  • Cam (Member, Patron Provider)

    iptables

    iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 15 --connlimit-mask 32 -j REJECT --reject-with tcp-reset
    This will reject connections above 15 from one source IP.

    iptables -A INPUT -m state --state RELATED,ESTABLISHED -m limit --limit 150/second --limit-burst 160 -j ACCEPT
    In this, 160 new connections (packets really) are allowed before the limit of 150 NEW connections (packets) per second is applied.

    Source: https://unix.stackexchange.com/questions/139285/limit-max-connections-per-ip-address-and-new-connections-per-second-with-iptable

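To check whether a per-source connection limit like the connlimit rule above is actually being honoured, it helps to count live connections per source from the conntrack table itself. The following is an added example, not code from the thread or from any of the posters: it parses /proc/net/nf_conntrack-style lines and tallies ESTABLISHED TCP connections per source to a given port, with an optional netmask that mirrors the rule's --connlimit-mask (32 counts single hosts, 24 counts whole /24 blocks). The sample lines are constructed here for the demonstration, as are the hypothetical function names; on a real host you would read /proc/net/nf_conntrack (or the output of conntrack -L) instead. Note that the connlimit rule counts connections in the kernel at SYN time, whereas this script reports what is established after the fact, so it is a monitoring view rather than a replacement for the rule.

```python
import ipaddress
from collections import Counter


def _ct_line(src, dport, state="ESTABLISHED", sport=50000):
    """Build one constructed /proc/net/nf_conntrack-style TCP entry (sample data, not a capture)."""
    return (f"ipv4     2 tcp      6 431999 {state} src={src} dst=198.51.100.5 "
            f"sport={sport} dport={dport} src=198.51.100.5 dst={src} "
            f"sport={dport} dport={sport} [ASSURED] mark=0 use=1")


# Constructed sample table: 16 established connections to port 80 from one host,
# 3 from a neighbour in the same /24, 2 to port 443 from elsewhere, plus one
# TIME_WAIT entry that should not count as a live connection.
SAMPLE_CONNTRACK = "\n".join(
    [_ct_line("203.0.113.10", 80, sport=50000 + i) for i in range(16)]
    + [_ct_line("203.0.113.11", 80, sport=51000 + i) for i in range(3)]
    + [_ct_line("192.0.2.7", 443, sport=52000 + i) for i in range(2)]
    + [_ct_line("203.0.113.10", 80, state="TIME_WAIT", sport=53000)]
)


def parse_conntrack(text):
    """Parse TCP entries; the first src/dst/sport/dport tokens are the original direction."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[2] != "tcp":
            continue  # skip UDP/ICMP rows and malformed lines
        state = fields[5]
        kv = {}
        for tok in fields[6:]:
            if "=" in tok:
                k, v = tok.split("=", 1)
                kv.setdefault(k, v)  # keep original direction, ignore the reply tuple
        entries.append({"state": state, "src": kv["src"], "dport": int(kv["dport"])})
    return entries


def count_by_source(entries, dport, mask=32, states=("ESTABLISHED",)):
    """Count live connections to dport per source, aggregated by a /mask prefix."""
    counts = Counter()
    for e in entries:
        if e["dport"] != dport or e["state"] not in states:
            continue
        net = ipaddress.ip_network(f"{e['src']}/{mask}", strict=False)
        counts[str(net)] += 1
    return counts


def sources_over_limit(entries, dport, limit, mask=32):
    """Return {prefix: count} for sources holding more than `limit` connections."""
    return {net: n for net, n in count_by_source(entries, dport, mask).items() if n > limit}


if __name__ == "__main__":
    entries = parse_conntrack(SAMPLE_CONNTRACK)
    for net, n in sorted(sources_over_limit(entries, 80, 15).items()):
        print(f"{net} has {n} established connections to port 80 (limit 15)")
```

Run it as-is to see the constructed offender reported; to use it on a live OpenVZ container, replace SAMPLE_CONNTRACK with the contents of /proc/net/nf_conntrack and adjust the port and mask to match the rule you deployed.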