From b6ac07f59b0a6237fa2d0204385d2bf354d5900c Mon Sep 17 00:00:00 2001
From: kev
Date: Tue, 29 Sep 2015 15:30:08 +0800
Subject: [PATCH] limit connect

---
 iptables/Dockerfile | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/iptables/Dockerfile b/iptables/Dockerfile
index 014bd71..6478bed 100644
--- a/iptables/Dockerfile
+++ b/iptables/Dockerfile
@@ -7,6 +7,8 @@ MAINTAINER kev
 RUN apk add -U iproute2
+ENV LIMIT_PORT 8388
+ENV LIMIT_CONN 5
 ENV TCP_PORTS 80,443
 ENV UDP_PORTS 53
 ENV RATE 1mbit
@@ -15,6 +17,7 @@ ENV LATENCY 50ms
 ENV INTERVAL 60
 CMD iptables -F \
+ && iptables -A INPUT -p tcp -m state --state NEW --dport $LIMIT_PORT -m connlimit --connlimit-above $LIMIT_CONN -j DROP \
 && iptables -A OUTPUT -p tcp -m state --state NEW -m multiport ! --dports $TCP_PORTS -j DROP \
 && iptables -A OUTPUT -p udp -m state --state NEW -m multiport ! --dports $UDP_PORTS -j DROP \
 && tc qdisc add dev eth0 root tbf rate $RATE burst $BURST latency $LATENCY \
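Review bot: The new connlimit rule is inserted as the first link of the `&&` chain right after `iptables -F`, so if it fails to load (the connlimit match needs a kernel module the host may not provide) the OUTPUT DROP rules and the tc shaping that follow are never applied, and the container runs flushed and unrestricted. Placing the new rule after the `tc qdisc add` line, as the last link of the chain, confines such a failure to the connection limit alone and keeps the existing egress restrictions intact. Separately, the INPUT-chain rule should be documented as applying per source address, since connlimit counts per source host by default, e.g. a comment above the CMD: `# LIMIT_CONN caps NEW inbound connections to LIMIT_PORT per source IP (connlimit default mask), not in total`. The CMD continues past the end of this hunk.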