
Computer Engineering, 2009, Vol. 35, Issue (10): 162-163. doi: 10.3969/j.issn.1000-3428.2009.10.053

• Security Technology •

Research and Implementation of Connection Limit Based on Netfilter

GU Dong-liang, ZHOU Jian, CHENG Ke-qin

  1. (College of Computer and Information, Hefei University of Technology, Hefei 230009)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2009-05-20 Published: 2009-05-20

Abstract: This paper presents a method for limiting connections. It uses the extension mechanism of the Netfilter/Iptables system to create a Netfilter/Iptables module that can limit the number of TCP and UDP connections separately. In this module, the TCP connection-limit algorithm exploits the characteristics of TCP connections, while the UDP connection-limit algorithm uses a timing method. With this module, the number of concurrent connections from a client can be controlled conveniently and effectively.

Key words: Netfilter/Iptables firewall, connection limit, time tag
