• Source-to-destination—Limits connections from a specific internal host or segment to a specific external host or segment.
• Source-to-any—Limits connections from a specific internal host or segment to external networks.
• Any-to-destination—Limits connections from external networks to a specific internal server.
• Any-to-any—Limits the total number of connections passing through the device.
To configure an IP address-based connection limit rule:

1. Enter system view.
   Command: system-view
   Remarks: —
2. Enter connection limit policy view.
   Command: connection-limit policy policy-number
   Remarks: —
3. Configure an IP address-based connection limit rule.
   Command: limit limit-id { source ip { ip-address mask-length | any } [ source-vpn src-vpn-name ] | destination ip { ip-address mask-length | any } [ destination-vpn dst-vpn-name ] } * protocol { dns | http | ip | tcp | udp } max-connections max-num [ per-destination | per-source | per-source-destination ]
   Remarks: Required

Applying the connection limit policy

To make a connection limit policy take effect, apply it globally.

1. Enter system view.
   Command: system-view
   Remarks: —
2. Apply a connection limit policy.
   Command: connection-limit apply policy policy-number
   Remarks: Required. Only one connection limit policy can be applied globally.

Displaying and maintaining connection limiting

Display information about one or all connection limit policies.
   Command: display connection-limit policy { policy-number | all } [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view

Connection limit configuration example

Network requirements

As shown in Figure 128, a company has five public IP addresses: 202.38.1.1/24 to 202.38.1.5/24. The internal network address is 192.168.0.0/16, and two servers are on the internal network. Perform NAT configuration so that the internal users can access the Internet and external users can access the internal servers. Configure connection limiting so that:
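The check below is an added example, not part of the manual and not the configuration for the network above: it reads connection-limit command lines in the syntax from the configuration steps, names each rule's type from the list of four, and reports policies that are defined but never applied or more than one applied policy. The sample input is constructed (a list of command lines, not a terminal session), and the script assumes source precedes destination and that an omitted side means any.

```python
import re

# Constructed sample in the command syntax above; every number and address is made up.
SAMPLE = """\
connection-limit policy 1
limit 0 source ip 192.168.0.0 16 destination ip any protocol ip max-connections 100 per-source
limit 1 source ip any destination ip 192.168.0.2 32 protocol http max-connections 10000
connection-limit policy 2
limit 0 source ip any destination ip any protocol tcp max-connections 50000
connection-limit apply policy 1
"""

LIMIT = re.compile(
    r"limit (?P<id>\d+)"
    r"(?: source ip (?P<src>any|\S+ \d+)(?: source-vpn \S+)?)?"
    r"(?: destination ip (?P<dst>any|\S+ \d+)(?: destination-vpn \S+)?)?"
    r" protocol (?P<proto>dns|http|ip|tcp|udp)"
    r" max-connections (?P<max>\d+)"
    r"(?: (?P<scope>per-destination|per-source|per-source-destination))?")

def rule_type(src, dst):
    """Name one of the four rule types. Assumption: an omitted side means 'any'."""
    s = "any" if src in (None, "any") else "source"
    d = "any" if dst in (None, "any") else "destination"
    return f"{s}-to-{d}"

def audit(text):
    """Return (rules, findings) for a block of connection-limit commands."""
    rules, applied, policy, findings = [], [], None, []
    for line in (l.strip() for l in text.splitlines()):
        if m := re.fullmatch(r"connection-limit policy (\d+)", line):
            policy = int(m.group(1))
        elif m := re.fullmatch(r"connection-limit apply policy (\d+)", line):
            applied.append(int(m.group(1)))
        elif line.startswith("limit "):
            m = LIMIT.fullmatch(line)
            if m is None or policy is None:
                findings.append(f"unparsed or misplaced rule: {line}")
                continue
            rules.append((policy, int(m["id"]), rule_type(m["src"], m["dst"]),
                          m["proto"], int(m["max"]), m["scope"]))
    for p in sorted({r[0] for r in rules} - set(applied)):
        findings.append(f"policy {p} is defined but not applied; it has no effect")
    if len(set(applied)) > 1:
        findings.append(f"more than one policy applied globally: {applied}")
    return rules, findings

if __name__ == "__main__":
    print(*audit(SAMPLE)[1], sep="\n")
```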