We have a radio that wont connect to a back haul with http traffic but only https traffic. It will work in bridge mode just fine though. A band new radio out of the box does the same thing.

We use Ubiquiti which is based on Debian. I use Ubuntu but Im not that well versed on the command line. So this is my question: can you limit the number of physical connections by protocol?

You'd have to use a firewall, either one existing in your distribution or install one and then determine the settings in that firewall software which limits the number of connections per protocol port number.

I do not believe that the native networking allows for this level of protection or controllability, that's more specialized to the features provided by firewall software.

For Ubuntu there is something called the Uncomplicated Firewall and you can add filters per protocol port number with the keyword "limit" to set up a filter to limit that port. Sorry I'm not sure of the exact syntax or whether or not this particular concept is one which is permissible with that software, I haven't used it. But looking at the man page for it, this appears to be a choice one can do, and also it appears that a "dry run" is available so you can see the changes before you actually apply them.

Actually, reading more "limit" there is not for connection limits, but rather rate limits. Therefore the UFW would not be helpful here, or at least that particular setting is not going to do what you want.

Ive been working on this and we just cant figure out how or why
this connection has been limited. The radios have firewalls and
none are turned on but, like you indicated - it is rate limit
and not connection.

The Access Point currently has 9 connected clients but for
whatever reason, we cannot connect this client any other way
than https. Its really strange.

I'm a bit confused. I thought the crux of your first question was how does someone limit connections per port. Now it appears that the question is that you have these radios and cannot scale beyond a certain connection limitation, therefore you're asking if a protocol port limit filter might be the problem.

Have I guessed the correct form of the question with that second variation?

My questions given that is the issue would then be:

Are the number of connections limited, or just the fact that you have to use https?

If the number of connections gets limited, might that just be because an access point limits the number of clients it will accept and provide DHCP for, and you happen to be hitting that limitation?

All things aside, can you run wireshark or an equivalent network monitoring utility and then see what's going on with respect to these connection attempts and failures?

Given that last one I'd trace an http session attempt and see what happens.

I'd review the radio settings and application settings and see if something is set to require secure connections only. Maybe that's a default and maybe it's also not a big deal. Nothing wrong with using https is there?

Sorry I wasnt more clear.

I do not want to limit connections.
I have a Access Point that forever reason is limiting connections.
The number of connections is not limited - either hardware or software.
Another unit of ours has 25 clients connected. This one stopped at 9.
Its not a dhcp issue.
Its not a wireless issue either.
A new client can connect in router mode with https OR in bridge mode
with http.

Well - there is nothing wrong with running https but you cant
connect to every url with https.

It finally was enough of an issue that we pulled the AP - which
we cant find anything wrong with - and ... still had the issue.
So, its not the AP.

During this swap we were looking at our logs (again) and we noticed
a issue with this specific IP. It had been flagged a few times
for passing bad traffic (this was due to the radio running
in bridge mode). Could not find that the IP had been blocked
but, after we installed the radio it was assigned a new IP and
its passing traffic fine now.

We discovered just a bit later that the IP had been assigned
to another radio and ... it would not pass traffic. So we went
back to the dhcp server and reserved that address so it wont
be reassigned.