iptables is firewall software that can be found in most Linux distributions, including CentOS and Ubuntu. In this doc, you'll see how to use iptables to limit how many new connections a single IP address can open within a short time window. This can improve security and help mitigate simple DDoS attacks.

Step 1: Verifying IPTables installation

To verify if iptables has been installed, execute:

which iptables

If this returns a path such as /sbin/iptables, then iptables is installed on your system. Otherwise, you can install it by executing apt-get install iptables, or yum install iptables.

If you’re running a Debian-based system, install iptables-persistent to be able to easily save and reload iptables:

apt-get install iptables-persistent

Step 2: Adding IPTables rules

While adding the iptables rules, I will explain what every rule does.

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --set

This rule matches new TCP connections (-m state --state NEW) arriving on the eth0 interface (-i eth0) for port 80 (--dport 80) and records the source IP address in the recent module's tracking list (-m recent --set). It has no -j target, so a matching packet continues on to the remaining rules.

iptables -I INPUT -p tcp --dport 80 -i eth0 -m state --state NEW -m recent --update --seconds 60 --hitcount 10 -j DROP

This rule matches new connections to port 80 from a source address that is already in the tracking list and refreshes its entry (--update). If that address has opened more than 10 new connections (--hitcount 10) within the last 60 seconds (--seconds 60), the packet is dropped (-j DROP). Because -I inserts each rule at the top of the INPUT chain, this rule ends up above the --set rule and is evaluated first.

Step 3: Saving rules

After adding the rules, you will need to save them and reload iptables. Rules can be saved using iptables-persistent, which we just installed:

service iptables-persistent save
service iptables-persistent reload

You have improved server security by using iptables to limit how many new connections a single IP address can open within a given period.
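The two rules from Step 2 as a parameterised, re-runnable script. This is an added example, not code from the original article: the defaults (eth0, port 80, more than 10 new connections in 60 seconds) match the article, while the variable names, the DRY_RUN switch, the private list name "ratelimit" and the helper functions are this example's own choices. Unlike running the article's commands by hand, it checks with iptables -C before inserting, so running it twice does not duplicate the rules.

```shell
#!/bin/sh
# Added example (not from the article): the Step 2 connection rate limit as
# a script. Defaults follow the article; everything else is assumed here.
set -eu

IFACE="${IFACE:-eth0}"
PORT="${PORT:-80}"
WINDOW="${WINDOW:-60}"      # --seconds
HITS="${HITS:-10}"          # --hitcount
LIST="${LIST:-ratelimit}"   # --name: a private xt_recent list instead of DEFAULT
DRY_RUN="${DRY_RUN:-0}"     # 1 = print the iptables commands instead of running them

# Common match: new TCP connections to $PORT arriving on $IFACE.
match_new() {
    printf 'INPUT -p tcp --dport %s -i %s -m state --state NEW -m recent --name %s' \
        "$PORT" "$IFACE" "$LIST"
}

# Rule bodies (without the iptables -I/-C verb) in the order the article
# inserts them. After two -I operations the DROP rule sits above the --set
# rule, so it is evaluated before the current packet is recorded: the 11th
# new connection inside the window is the first one dropped, and every
# dropped attempt refreshes the entry, so the block lasts until the source
# stays quiet for $WINDOW seconds.
rule_set()  { printf '%s --set\n' "$(match_new)"; }
rule_drop() {
    printf '%s --update --seconds %s --hitcount %s -j DROP\n' \
        "$(match_new)" "$WINDOW" "$HITS"
}

# Insert a rule only if an identical one is not already present
# (iptables -C exits non-zero when the rule is missing).
apply_rule() {
    if [ "$DRY_RUN" = 1 ]; then
        printf 'iptables -I %s\n' "$1"
    elif ! iptables -C $1 2>/dev/null; then   # unquoted on purpose: split into args
        iptables -I $1
    fi
}

apply_ratelimit() {
    apply_rule "$(rule_set)"
    apply_rule "$(rule_drop)"
}

# Show which addresses xt_recent is currently tracking for this list.
show_tracked() { cat "/proc/net/xt_recent/$LIST"; }

# Forget one address (e.g. a legitimate client that tripped the limit):
# writing "-ADDR" to the proc file removes its entry.
forget_addr() { printf -- '-%s\n' "$1" > "/proc/net/xt_recent/$LIST"; }

# Usage: DRY_RUN=1 sh ratelimit.sh apply   (preview)
#        sh ratelimit.sh apply             (install, as root)
if [ "${1-}" = apply ]; then
    apply_ratelimit
fi
```

Preview the rules with DRY_RUN=1 first; once applied, save them with the Step 3 commands so they survive a reboot. Using a named list (--name) keeps this limiter's state separate from any other rule that uses the recent module's DEFAULT list.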
