Estas são as regras que eu utilizo p/ controle de conexões simultaneas
SgtoMarlthon
Estas são as regras que eu utilizo p/ controle de conexões simultaneas
Neste caso todos as portas que estão em azul ñ terão controle de conexão simultanea ou seja todas as portas que estão sendo marcadas pelo mangle ñ terão controle e o range de IP 10.0.0.0/8 e o da minha rede ou seja tudo que estiver dentro de 10.255.255.255 estarão dentro desse controle e la em baixo temos connection-limit=25 que diz quantos pedidos de conexão pode ser feito por cada host e de verde esta o 32 que ja sabemos o que e e p/ que serve
IP > FIREWALL > MANGLE
add chain=forward src-address=10.0.0.0/8 protocol=tcp dst-port=21 \
action=mark-packet new-packet-mark=semlimite passthrough=yes \
comment="Marcando Pacotes Sem Limite Conexao" disabled=no
add chain=forward src-address=10.0.0.0/8 protocol=tcp dst-port=22 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/8 protocol=tcp dst-port=23 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/8 protocol=tcp dst-port=25 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/8 protocol=tcp dst-port=53 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/8 protocol=tcp dst-port=80 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/8 protocol=tcp dst-port=110 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/8 protocol=tcp dst-port=443 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/8 protocol=tcp dst-port=8080 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
add chain=forward src-address=10.0.0.0/8 protocol=tcp dst-port=6891-6901 \
action=mark-packet new-packet-mark=semlimite passthrough=yes comment="" \
disabled=no
IP > FIREWALL > FILTER
add chain=forward src-address=10.0.0.0/8 protocol=tcp tcp-flags=syn \
packet-mark=!semlimite connection-limit=25,32 action=drop comment="Limitando \
numero conexoes simultaneas 25 por cliente" disabled=no
______________________________________________________
Quem tem medo de perguntar,tem vergonha de aprender...
MSN - [email protected]
Rafael G.T.