/proc/net/ip_conntrack

shell > iptables -t nat -I PREROUTING -s 192.168.0.0/24 -p tcp -m connlimit --connlimit-above 15 -j DROP
连接个数超过 15 就 DROP 掉
 
 
查看机器连接情况
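#!/bin/bash
# Count conntrack entries per source address and write them to ./file as
# "<count> <src-ip>" lines, most entries first.
#
# Usage: ./count_conntrack.sh [conntrack-table]
#   conntrack-table  defaults to /proc/net/ip_conntrack; newer kernels expose
#                    the same table as /proc/net/nf_conntrack.
#
# Fixes relative to the per-line loop this replaces: the table is read once
# instead of once per line, the temp file is unpredictable and removed on
# every exit path (the trap used to be installed only after the work was
# done), and the src= field is located by name rather than assumed to be $5
# (its position differs between protocols because tcp carries a state column).
set -u

table=${1:-/proc/net/ip_conntrack}
out=file

# Snapshot first: the table changes while it is being read.
tmp=$(mktemp) || exit 1

#######################################
# Remove the snapshot.
# Globals:   tmp (read)
#######################################
my_exit() {
  rm -f -- "$tmp"
}
# Installed before any work so an interrupt still cleans up.
trap my_exit EXIT INT TERM

cat -- "$table" > "$tmp" || exit 1

# Take the first src= field on each line (the original direction's source,
# which is what the old $5 selected on tcp lines) and count per address.
awk '{
  for (i = 1; i <= NF; i++) {
    if ($i ~ /^src=/) {
      count[substr($i, 5)]++
      break
    }
  }
}
END {
  for (ip in count) print count[ip], ip
}' "$tmp" | sort -rn > "$out"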
 
 

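#!/bin/bash
# Print "<count> <src-ip>" for every source address that has a tcp/udp
# conntrack entry, ascending by count, followed by the total number of
# matched entries.
#
# Usage: ./conntrack_summary.sh [conntrack-table]
#   conntrack-table  defaults to /proc/net/ip_conntrack; newer kernels expose
#                    the same table as /proc/net/nf_conntrack.
#
# pipefail makes a missing or unreadable table surface as a non-zero exit
# instead of a silent "sum = " line.
set -o pipefail

table=${1:-/proc/net/ip_conntrack}

# The pattern keeps only lines carrying a dport= field; entries without one
# are not counted. The match starts at the first src= on the line, so the
# address printed is the original direction's source.
grep -o "src=.*dport=[0-9]\{1,5\}" -- "$table" \
  | awk -F'[ =]' '{ print $2 }' \
  | sort \
  | uniq -c \
  | sort -n \
  | awk '{ sum += $1; print } END { print "sum = " sum }'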
