Can I limit the number of tcp connections ?
Denys Vlasenko
vda.linux at googlemail.com
Wed Apr 14 03:23:01 UTC 2010
On Tue, Apr 13, 2010 at 11:26 AM, Rob Landley <rob at landley.net> wrote:
> On Tuesday 13 April 2010 06:15:35 Mark Jackson wrote:
>> Is there any way to limit the # tcp connections under Busybox ?
>>
>> I've tried ...
>>
>> echo 8 > /proc/sys/net/core/somaxconn
>>
>> ... but I can still open 10 ssh sessions, as well as a web server.
>>
>> I know I could run iptables, but I was looking for a much lower level
>> solution (with a smaller resource footprint).
>>
>> Any clues ?

Many network daemons have their own ways to limit the number
of accepted connections. For example, if you use tcpsvd
to run inetd-like services, you can use -c or -C:

    tcpsvd -vE -c7 0.0.0.0 21 ftpd /files/to/serve

only 7 concurrent connections will be allowed.

    tcpsvd -vE -C2:"Go away" 0.0.0.0 21 ftpd /files/to/serve

only 2 connections per IP will be accepted, third one
will be immediately closed after bytes "Go away" are sent
to it.

Fuller help text (read about -c and -C):

# ./busybox tcpsvd --help
BusyBox v1.17.0.git (2010-04-13 20:02:11 PDT) multi-call binary.

Usage: tcpsvd [-hEv] [-c N] [-C N[:MSG]] [-b N] [-u USER] [-l NAME] IP PORT PROG

Create TCP socket, bind to IP:PORT and listen
for incoming connection. Run PROG for each connection.

        IP              IP to listen on. '0' = all
        PORT            Port to listen on
        PROG ARGS       Program to run
        -l NAME         Local hostname (else looks up local hostname in DNS)
        -u USER[:GRP]   Change to user/group after bind
        -c N            Handle up to N connections simultaneously
        -b N            Allow a backlog of approximately N TCP SYNs
        -C N[:MSG]      Allow only up to N connections from the same IP
                        New connections from this IP address are closed
                        immediately. MSG is written to the peer before close
        -h              Look up peer's hostname
        -E              Don't set up environment variables
        -v              Verbose

--
vda
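
Added example (not part of the original message and not BusyBox source): a C sketch of the bookkeeping a daemon needs to enforce a total limit like -c N together with a per-IP limit like -C N. The names, the fixed-size peer table and the choice to defer (stop accepting) at the total limit are assumptions of this sketch.

```c
/* Added sketch, not BusyBox code; all names and sizes are hypothetical. */
#include <stdint.h>
#include <stdio.h>

#define MAX_TRACKED 64                  /* peer table size (assumption) */
enum verdict { ADMIT, DEFER_TOTAL, REJECT_PER_IP };
struct limiter {
    unsigned max_total, max_per_ip;     /* like -c N and -C N; 0 = no per-IP cap */
    unsigned total;                     /* connections currently being served */
    struct { uint32_t ip; unsigned count; } peers[MAX_TRACKED];
};

/* Slot already tracking ip, else the first free slot, else -1 (table full). */
static int find_slot(const struct limiter *l, uint32_t ip) {
    int free_slot = -1;
    for (int i = 0; i < MAX_TRACKED; i++) {
        if (l->peers[i].count && l->peers[i].ip == ip) return i;
        if (!l->peers[i].count && free_slot < 0) free_slot = i;
    }
    return free_slot;
}

/* Decide what to do with a new connection from ip (IPv4, host byte order). */
static enum verdict limiter_admit(struct limiter *l, uint32_t ip) {
    if (l->total >= l->max_total) return DEFER_TOTAL;   /* stop accepting for now */
    int s = find_slot(l, ip);
    if (s < 0) return REJECT_PER_IP;                    /* table full: fail closed */
    if (l->max_per_ip && l->peers[s].count >= l->max_per_ip)
        return REJECT_PER_IP;                           /* caller writes MSG, closes */
    l->peers[s].ip = ip;
    l->peers[s].count++; l->total++;
    return ADMIT;
}

/* Call when the handler for an admitted connection from ip has exited. */
static void limiter_release(struct limiter *l, uint32_t ip) {
    int s = find_slot(l, ip);
    if (s >= 0 && l->peers[s].count && l->peers[s].ip == ip) {
        l->peers[s].count--; l->total--;
    }
}

int main(void) {                        /* constructed run: -c7 -C2, peer 192.0.2.1 */
    struct limiter l = { .max_total = 7, .max_per_ip = 2 };
    for (int i = 0; i < 3; i++)
        printf("conn %d: verdict %d\n", i + 1, limiter_admit(&l, 0xC0000201u));
    return 0;
}
```

Forgetting to call limiter_release when a handler exits leaks slots until every new connection is refused, so tie it to child reaping.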