HPE FlexNetwork HSR6800 Security Command Reference page 411

per-source-destination: Limits connections by source-destination IP address pair.
Usage guidelines
The connection limit rules become invalid when the VPN with which the rules are associated is
removed.
The connection limit rules in a policy are matched in ascending order of rule ID. Take the match order
into consideration when assigning rule IDs. Hewlett Packard Enterprise recommends that you
arrange the rules by limit granularity and limit range in ascending order.
Examples
# Configure connection limit rule 1 for policy 0 to limit the maximum number of TCP connections sourced from 1.1.1.1.
<Sysname> system-view
[Sysname] connection-limit policy 0
[Sysname-connection-limit-policy-0] limit 1 source ip 1.1.1.1 32 protocol tcp max-connections 200
# Configure connection limit rule 2 to limit the maximum number of UDP connections destined to 2.2.2.2.
[Sysname-connection-limit-policy-0] limit 2 destination ip 2.2.2.2 32 protocol udp max-connections 200
# Configure connection limit rule 3 to limit the maximum number of IP connections sourced from each host on the segment 1.1.1.0/24.
[Sysname-connection-limit-policy-0] limit 3 source ip 1.1.1.0 24 protocol ip max-connections 200 per-source
# Configure connection limit rule 4 to limit the maximum number of IP connections destined to each host on the segment 2.2.2.0/24.
[Sysname-connection-limit-policy-0] limit 4 destination ip 2.2.2.0 24 protocol ip max-connections 200 per-destination
# Configure connection limit rule 5 to limit the maximum number of IP connections from vpn1 to vpn2.
[Sysname-connection-limit-policy-0] limit 5 source ip any source-vpn vpn1 destination ip any destination-vpn vpn2 protocol ip max-connections 200
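An added example, not from the HPE manual: a Python check for the match-order guideline above, reporting any rule that a lower-ID rule in the same policy already covers and that would therefore never be reached. It assumes that matching stops at the first matching rule, that an omitted source or destination means any address, and that protocol ip includes tcp and udp; the function names and the BROAD_FIRST sample are hypothetical.

```python
import ipaddress
import re

# Accepts only the keyword forms shown in the examples on this page.
SIDE = r"(?:{0} ip (?P<{0}>any|\S+ \d+)(?: {0}-vpn (?P<{0}_vpn>\S+))?\s*)?"
RULE = re.compile(
    r"limit (?P<id>\d+) " + SIDE.format("source") + SIDE.format("destination")
    + r"protocol (?P<proto>\S+) max-connections (?P<max>\d+)(?: (?P<mode>per-\S+))?$")
ANY = ipaddress.ip_network("0.0.0.0/0")

def parse(line):
    m = RULE.search(" ".join(line.split()))
    if not m:
        raise ValueError(f"unrecognized rule: {line!r}")
    def net(text):  # assumption: an omitted side matches any address
        if text in (None, "any"):
            return ANY
        return ipaddress.ip_network(text.replace(" ", "/"), strict=False)
    return {"id": int(m["id"]), "src": net(m["source"]), "dst": net(m["destination"]),
            "vpn": (m["source_vpn"], m["destination_vpn"]), "proto": m["proto"]}

def covers(a, b):
    # Conservative: VPN settings must be identical; "ip" is assumed to include tcp/udp.
    return (b["src"].subnet_of(a["src"]) and b["dst"].subnet_of(a["dst"])
            and a["vpn"] == b["vpn"] and a["proto"] in ("ip", b["proto"]))

def shadowed(lines):
    """Return (lower_id, higher_id) pairs where the lower-ID rule matches first."""
    rules = sorted(map(parse, lines), key=lambda r: r["id"])
    return [(lo["id"], hi["id"]) for i, hi in enumerate(rules)
            for lo in rules[:i] if covers(lo, hi)]

# The five rules from the Examples section of this page.
PAGE_RULES = [
    "limit 1 source ip 1.1.1.1 32 protocol tcp max-connections 200",
    "limit 2 destination ip 2.2.2.2 32 protocol udp max-connections 200",
    "limit 3 source ip 1.1.1.0 24 protocol ip max-connections 200 per-source",
    "limit 4 destination ip 2.2.2.0 24 protocol ip max-connections 200 per-destination",
    "limit 5 source ip any source-vpn vpn1 destination ip any destination-vpn vpn2 "
    "protocol ip max-connections 200",
]
# Constructed sample: a broad per-source rule numbered before a host-specific rule.
BROAD_FIRST = [
    "limit 1 source ip 1.1.1.0 24 protocol ip max-connections 200 per-source",
    "limit 2 source ip 1.1.1.1 32 protocol tcp max-connections 50",
]

if __name__ == "__main__":
    print(shadowed(PAGE_RULES), shadowed(BROAD_FIRST))
```

In BROAD_FIRST the tighter limit of 50 for 1.1.1.1 is never consulted under the first-match assumption; giving the host rule the lower ID removes the finding.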
Related commands
connection-limit policy
display connection-limit policy