Tuesday, June 4, 2019

Iptables: Limit Connections Per IP on a cPanel Server

How do I restrict the number of connections used by a single IP address to my server for port 80 and 443 using iptables?
You need to use the connlimit module, which allows you to restrict the number of parallel TCP connections to a server per client IP address.



First we have to delete the existing 443 rule from iptables, then add the connlimit rule, and then add the 443 rule again. The connlimit rule must always come before the cPanel default 443 rule, because rules are evaluated in order and the ACCEPT rule would otherwise match first.

How to delete the rule and add it again:

First, find the rule number of the cPanel 443 rule using the command below.

iptables -L --line-numbers

Chain IN_public_allow (1 references)
num  target     prot opt source               destination
10   ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW


Find the chain and the rule number you want to delete, then run the command below. Here the chain name is IN_public_allow and 10 is the rule number we want to delete.

iptables -D IN_public_allow 10

After that, add both rules below. The first rule restricts the IP address 10.10.10.1 to 50 parallel connections on port 443 (connections above the limit are rejected with a TCP reset). The second rule allows new connections to port 443 on the server. Both rules are necessary.


iptables -A IN_public_allow -p tcp  --syn -s 10.10.10.1 --dport 443 -m connlimit --connlimit-above 50 --connlimit-mask 32 -j REJECT --reject-with tcp-reset

iptables -A IN_public_allow -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT
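The three steps above (find the rule number, delete it, add the connlimit rule and re-add the ACCEPT rule) as one script; this is an added example, not code from the original post. It parses the output of iptables -L --line-numbers for the given chain, defaults to a dry run that only prints the commands, and the chain name, source IP and limit are taken from the post (the SAMPLE_LISTING is constructed for offline testing).

```shell
#!/bin/sh
# Added example: automate the delete / connlimit / re-add sequence for the
# cPanel https rule. Dry run by default; set APPLY=1 to execute the commands.

CHAIN="${CHAIN:-IN_public_allow}"   # chain from the post
LIMIT_IP="${LIMIT_IP:-10.10.10.1}"  # source address from the post
MAX_CONN="${MAX_CONN:-50}"          # parallel connections allowed per IP

# Constructed sample of "iptables -L --line-numbers" output for offline use.
SAMPLE_LISTING='Chain IN_public_allow (1 references)
num  target     prot opt source               destination
5    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
10   ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW'

# find_rule_num CHAIN PORTNAME  (reads an iptables listing on stdin)
# Prints the number of the first ACCEPT rule in CHAIN that matches
# "dpt:PORTNAME" exactly (so "https" does not match "http"); prints nothing
# when no such rule exists.
find_rule_num() {
    awk -v chain="$1" -v port="$2" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && $2 == "ACCEPT" && $0 ~ ("dpt:" port "( |$)") { print $1; exit }
    '
}

# build_rules NUM: print the three commands from the post, one per line,
# in the order they must run (delete, connlimit REJECT, then ACCEPT).
build_rules() {
    printf 'iptables -D %s %s\n' "$CHAIN" "$1"
    printf 'iptables -A %s -p tcp --syn -s %s --dport 443 -m connlimit --connlimit-above %s --connlimit-mask 32 -j REJECT --reject-with tcp-reset\n' \
        "$CHAIN" "$LIMIT_IP" "$MAX_CONN"
    printf 'iptables -A %s -p tcp -m tcp --dport 443 -m conntrack --ctstate NEW -j ACCEPT\n' "$CHAIN"
}

main() {
    num=$(iptables -L "$CHAIN" --line-numbers | find_rule_num "$CHAIN" https)
    [ -n "$num" ] || { echo "no https ACCEPT rule found in $CHAIN" >&2; return 1; }
    if [ "${APPLY:-0}" = 1 ]; then
        build_rules "$num" | sh -e      # execute the three commands in order
    else
        build_rules "$num"              # dry run: show what would be executed
    fi
}

# Only act when invoked as "sh script.sh run"; otherwise just define functions.
case "${1:-}" in run) main ;; esac
```

The rule as written in the post limits only the single source 10.10.10.1; because of --connlimit-mask 32 the count is already per client address, so dropping -s would apply the same per-IP ceiling to every client.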

1 comment:

  1. Web hosting plays an important role in the success of a website and thus it is important to hire a company that offers high-quality web hosting solutions. Moreover, cheap website hosting is not always reliable. https://hostinglelo.in/
