LinuxQuestions.org, Linux - Security: openvz - limit IP connections - debian 6 VPS (http://www.linuxquestions.org/questions/linux-security-4/openvz-limit-ip-connections-debian-6-vps-927456/)

dlugasx 02-03-2012 03:08 PM

openvz - limit IP connections - debian 6 VPS
 
Hello everyone,

I have a really big problem with my VPS. I can't limit connections per IP using iptables.

This is my linux kernel version:

Code:

Linux my.server.com 2.6.18-028stab092.1 #1 SMP Wed Jul 20 19:47:12 MSD 2011 x86_64 GNU/Linux

Here you can find all iptables modules:

Code:

cat /proc/net/ip_tables_matches
helper
conntrack
length
ttl
tcpmss
multiport
multiport
limit
tos
state
icmp
udp
tcp

and this is the part of my firewall script responsible for Slowloris defence

Code:

#!/bin/sh

# Clean all rules: flush every chain in the filter, mangle and nat tables,
# then delete user-defined chains

iptables -F
iptables -F INPUT
iptables -F FORWARD
iptables -F OUTPUT
iptables -F -t mangle
iptables -F -t nat
iptables -X

# Setup new rules: default-deny inbound, allow outbound and forwarded traffic
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
# User-defined chain for SYN-flood handling (created here, not referenced below)
iptables -N syn_flood

# Loopback traffic is always allowed
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# SSH
iptables -A INPUT -p tcp --dport 22 -j ACCEPT

# Slowloris: record the source of every new HTTP/HTTPS connection in the
# "recent" list named Slowloris, then refresh its timestamp. These rules only
# track addresses; no rule acts on the list (no --hitcount / -j DROP).
# All four need the "recent" match, which is not in /proc/net/ip_tables_matches
# above, so each of them fails with "No chain/target/match by that name".
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m recent --set --name Slowloris
iptables -A INPUT -p tcp --dport 443 -m state --state NEW -m recent --set --name Slowloris
iptables -A INPUT -p tcp --dport 80 -m state --state NEW -m recent --name Slowloris --update --seconds 60
iptables -A INPUT -p tcp --dport 443 -m state --state NEW -m recent --name Slowloris --update --seconds 60

I don't know why it's not working. After execution I received the following error:

Code:

/etc/init.d/firewall
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name


Does anybody know why? How do I limit IP connections in my super duper VPS? Who can help me?


regards

Dlugasx

unSpawn 02-19-2012 07:53 PM

Quote:

Originally Posted by dlugasx (Post 4593096)
I can't limit connections per IP using iptables. (..) I don't know why it's not working. (..) Does anybody know why?

It's a shortcoming in VPS. Netfilter just doesn't work in a guest like you would expect it to work on a regular machine.


Quote:

Originally Posted by dlugasx (Post 4593096)
How do I limit IP connections in my super duper VPS?

If your dom-0 owner isn't able or willing to make the required iptables modules available to you I guess you'll have to live with it.


//NTLB
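An added example, not code from the thread: a POSIX sh check that tests whether the matches a firewall script relies on (here "state" and "recent", as in the script above) appear in /proc/net/ip_tables_matches, so the script can stop with one clear message instead of failing rule by rule. The function name and the sample file are constructed for this example; on the VPS in the thread the check reports "recent" as missing, which is what the four errors indicate.

```shell
#!/bin/sh
# Check that the iptables match extensions a firewall script relies on are
# listed in /proc/net/ip_tables_matches before any rule is loaded. On an
# OpenVZ guest that file reflects the host-controlled kernel, so a match that
# is missing there cannot be enabled from inside the VPS.

# missing_matches <matches-file> <match>...
# Prints each required match that is not listed in <matches-file>.
# Returns 0 when all are present, 1 when at least one is missing.
missing_matches() {
    file=$1
    shift
    rc=0
    for m in "$@"; do
        if ! grep -qx "$m" "$file"; then
            echo "$m"
            rc=1
        fi
    done
    return $rc
}

# Demonstration on a constructed copy of the match list shown in the thread
# (assumed file content; on a live host use /proc/net/ip_tables_matches).
sample=$(mktemp)
cat > "$sample" <<'EOF'
helper
conntrack
length
ttl
tcpmss
multiport
limit
tos
state
icmp
udp
tcp
EOF
# The thread's firewall script uses the "state" and "recent" matches.
if missing=$(missing_matches "$sample" state recent); then
    echo "all required iptables matches are available"
else
    echo "firewall not loaded; missing iptables matches: $missing" >&2
fi
rm -f "$sample"
```

Point `missing_matches` at the real /proc/net/ip_tables_matches to run it on a live host; if the host owner later enables the module, the same check passes without changes.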

