How to limit maximum number of TCP connections

Tim ignored_mailbox at yahoo.com.au
Fri Jun 29 04:32:56 UTC 2012


On Thu, 2012-06-28 at 09:21 -0700, Rick Stevens wrote:
> I agree the OP's client has got a weird idea as to limiting access,
> but perhaps they feel their uplink is too small to handle more
> connections. There is a lot of education that's required here with the
> client.

But that's never going to work.  Thus far, none of the information in
this thread has made any sense.  The requirement is ludicrous and
impractical, so either the client's request is stupid, or misunderstood
by the original poster.

Limiting the number of clients is useless as a bandwidth limit, likewise
with limiting the number of connections.  A client could have one or a
hundred connections, at any one time.  One client could swamp your
entire available bandwidth, or your bandwidth could be enough to supply
a couple of hundred clients (it depends on what they're doing with it).
Also, one connection could max out your connection, or hundreds of
connections might be barely noticeable (again, it depends on what you're
doing with them).

All this is going to achieve is breakage.  It'd denial-of-service some
clients that are actually trying to work, perhaps even DOS something
that's central to all the clients, and put the whole network into
failure, in one go.

-- 
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.




