How to limit concurrent request per ip using iptables for a limited time?

Just to clarify: typically when you're using `iptables` you could place a limit on the number of (concurrent) ***TCP connections*** (per time period). You can use the `-m connlimit --connlimit-*` or `-m hashlimit --hashlimit-mode srcip --hashlimit-*` [iptables-extensions](https://ipset.netfilter.org/iptables-extensions.man.html) and options for that.

When you're normally talking about *"requests"* though, your talking about application level events, i.e. the number of `GET` or `POST` *requests* a web application needs to process, or the number of `SELECT/INSERT` *requests* a database server needs to process. Many protocols allow a client to re-use the connection to make new requests once the current requests completes, so limiting the number of TCP connections via iptables might not limit the number requests at all or not effectively. - Then you need to limit requests at the application level. - So what is your actual requirement/problem?

Thanks for your reply i have a file server i want to block a single ip which request over 2000 to my server per day is there any solution for this??

`-m quota` can account bytes or packets. combined with conntrack it can account flows. What it's not designed to do, as well as most of iptables use, is to account for (layer 7) requests. Also quota has limitations, quota2 from xtables-addons is probably better (or also nftables). Anyway, using a tool that checks application logs (such as an reconfigured fail2ban) might be better to handle requests.

I sit in a Tesla and translated this thread with Ai: