Configuring the connection limit policy, Applying the connection limit policy – H3C Technologies H3C SecPath F1000-E User Manual
Configuring the Connection Limit Policy
A connection limit policy contains one or more connection limit rules, each specifying an object or range
for the limit. A user connection matching a rule will be limited based on the parameters in the rule. The
device does not limit user connections that do not match any connection limit rule.
Configuring an IP Address-Based Connection Limit Rule
An IP address-based connection limit rule allows you to limit the number of connections from a specified
source IP address to a specified destination IP address.
The limit rules are matched in ascending order of rule ID. When configuring connection limit rules for a
policy, check the rules and their order carefully. It is recommended to arrange the rules in ascending
order of granularity and range.
An IP address-based connection limit rule can be of any of these types:
• Source-to-destination: Limits connections from a specific internal host or segment to a specific
external host or segment.
• Source-to-any: Limits connections from a specific internal host or segment to external networks.
• Any-to-destination: Limits connections from external networks to a specific internal server.
• Any-to-any: Limits the total number of connections passing through the device.
Follow these steps to configure an IP address-based connection limit rule:
To do…                                Use the command…                                               Remarks
Enter system view                     system-view                                                    —
Enter connection limit policy view    connection-limit policy policy-number                          —
Configure an IP address-based         limit limit-id { source ip { ip-address mask-length | any }    Required
connection limit rule                 [ source-vpn src-vpn-name ] | destination ip
                                      { ip-address mask-length | any } [ destination-vpn
                                      dst-vpn-name ] } * protocol { dns | http | ip | tcp | udp }
                                      max-connections max-num [ per-destination | per-source |
                                      per-source-destination ]
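The rule-order advice above can be checked offline before a policy is applied. The following Python is an added example, not part of the H3C manual or device software: it finds which rule governs a connection and flags rules that can never match because a lower-ID rule already covers them. It assumes the first rule that matches in ascending rule ID governs the connection, treats protocol ip as covering the other protocols, and ignores the VPN and per-source/per-destination options; the Rule, first_match and shadowed names and all addresses are constructed for illustration.

```python
# Added example (not H3C code): first match in ascending rule ID is assumed to govern.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")  # models the "any" keyword

@dataclass(frozen=True)
class Rule:
    limit_id: int
    source: str          # "ip-address/mask-length" or "any"
    destination: str     # same format as source
    protocol: str        # dns | http | ip | tcp | udp
    max_connections: int
    def nets(self):
        to_net = lambda s: ANY if s == "any" else ip_network(s, strict=False)
        return to_net(self.source), to_net(self.destination)

def proto_covers(outer, inner):
    # Simplification (assumption): "ip" covers every protocol, others only themselves.
    return outer == "ip" or outer == inner

def first_match(rules, src, dst, protocol):
    """Return the rule that governs this connection, or None (not limited)."""
    for rule in sorted(rules, key=lambda r: r.limit_id):
        s_net, d_net = rule.nets()
        if (ip_address(src) in s_net and ip_address(dst) in d_net
                and proto_covers(rule.protocol, protocol)):
            return rule
    return None

def shadowed(rules):
    """Return (earlier_id, later_id) pairs where the later rule can never match."""
    ordered = sorted(rules, key=lambda r: r.limit_id)
    hits = []
    for i, later in enumerate(ordered):
        ls, ld = later.nets()
        for earlier in ordered[:i]:
            es, ed = earlier.nets()
            if (ls.subnet_of(es) and ld.subnet_of(ed)
                    and proto_covers(earlier.protocol, later.protocol)):
                hits.append((earlier.limit_id, later.limit_id))
                break
    return hits

# Constructed sample policies: BAD puts the broadest rule first, GOOD the narrowest.
BAD = [Rule(0, "any", "any", "ip", 100000), Rule(1, "192.168.0.0/24", "any", "ip", 2000),
       Rule(2, "192.168.0.100/32", "any", "tcp", 100)]
GOOD = [Rule(0, "192.168.0.100/32", "any", "tcp", 100), Rule(1, "192.168.0.0/24", "any", "ip", 2000),
        Rule(2, "any", "any", "ip", 100000)]
```

With the BAD ordering, shadowed() reports rules 1 and 2 as unreachable behind rule 0, so the host 192.168.0.100 is held only to the any-to-any limit; with the GOOD ordering nothing is shadowed and the host rule applies.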
Applying the Connection Limit Policy
To make a connection limit policy take effect, apply it globally.
Follow these steps to apply a connection limit policy:
To do…                                Use the command…                                    Remarks
Enter system view                     system-view                                         —
Apply a connection limit policy       connection-limit apply policy policy-number         Required