[GH-ISSUE #3955] Is there a way to limit connections? #3139

Closed
opened 2026-05-05 14:01:53 -06:00 by gitea-mirror · 7 comments

Originally created by @s084088 on GitHub (Jan 26, 2024).
Original GitHub issue: https://github.com/fatedier/frp/issues/3955

Describe the feature request

Is there a way to limit connections, for example so that the same IP can establish only 1 connection?

Describe alternatives you've considered

No response

Affected area

  • [ ] Docs
  • [ ] Installation
  • [x] Performance and Scalability
  • [ ] Security
  • [ ] User Experience
  • [ ] Test and Release
  • [ ] Developer Infrastructure
  • [ ] Client Plugin
  • [ ] Server Plugin
  • [ ] Extensions
  • [ ] Others

@xqzr commented on GitHub (Jan 28, 2024):

frp itself does not have this. A server plugin should be able to implement it.


@lli-debu commented on GitHub (Feb 2, 2024):

https://github.com/fatedier/frp/blob/dev/conf/frps_full_example.toml#L129
The server-side config has maxPortsPerClient; I'm not sure whether it meets your needs.


@s084088 commented on GitHub (Feb 2, 2024):

> frp itself does not have this. A server plugin should be able to implement it.

Is there a reference example or article?


@s084088 commented on GitHub (Feb 2, 2024):

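> https://github.com/fatedier/frp/blob/dev/conf/frps_full_example.toml#L129 The server-side config has maxPortsPerClient; I'm not sure whether it meets your needs.

Thanks, but this looks like it limits the maximum number of connections for each frpc. What I want is for a single IP to be able to create only one connection to the service that a given frpc points to, so in principle it should be configured on frpc.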


@fangzr commented on GitHub (Feb 5, 2024):

I wrote some code for your requirement. Just try it.

```python
#!/usr/bin/env python3
import re
from collections import defaultdict
from datetime import datetime
import subprocess

# Log file path
log_file_path = '/home/user/right.log'

# Output file paths
ban_ip_file = '/home/user/ban_ip.txt'
establishment_ip_file = '/home/user/establishment_ip.txt'

# Per-IP count of TIME-WAIT entries
ip_counts = defaultdict(int)

# Set of IPs with an established connection
established_ips = set()

def parse_log_file():
    with open(log_file_path, 'r') as file:
        # No header line is skipped: the cron job pipes `ss` through grep, so the
        # file starts with data, and a header would fail the status checks anyway.
        for line in file:
            parts = line.strip().split()
            if len(parts) < 6:
                continue
            status = parts[1]  # State column of `ss -anp`
            # Peer address column: unwrap IPv4-mapped IPv6, then drop the port
            remote_ip = re.sub(r'\[::ffff:(.*?)\]', r'\1', parts[5])
            remote_ip = re.sub(r':\d+$', '', remote_ip)  # Remove port number

            if status == 'ESTAB':
                if remote_ip not in established_ips:
                    established_ips.add(remote_ip)
                    record_established_connection(remote_ip)
            elif status == 'TIME-WAIT':
                ip_counts[remote_ip] += 1

def record_established_connection(ip):
    with open(establishment_ip_file, 'a') as file:
        file.write(f"{datetime.now()}: Established connection from IP {ip}\n")
    print(f"Recorded established connection: {ip}")

def apply_iptables_rules():
    for ip, count in ip_counts.items():
        print('count', count)
        if count > 3:  # Threshold is 3
            rule = ['INPUT', '-s', ip, '-j', 'DROP']
            # `iptables -C` exits 0 when the rule already exists; skip it so that
            # repeated cron runs do not append duplicate DROP rules.
            check = subprocess.run(['sudo', 'iptables', '-C'] + rule,
                                   stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
            if check.returncode == 0:
                continue
            subprocess.run(['sudo', 'iptables', '-A'] + rule, stdout=subprocess.DEVNULL)
            with open(ban_ip_file, 'a') as file:
                file.write(f"{datetime.now()}: Blocked IP {ip} due to exceeding TIME-WAIT threshold\n")
            print(f"Blocked IP: {ip}")

if __name__ == '__main__':
    parse_log_file()
    apply_iptables_rules()
```

23 and 24 are the ports opened by frps. The shell for the crontab task is as follows:

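```shell
# ':23' followed by whitespace matches port 23 only, not ports such as 2300
ss -anp | grep -E ':23[[:space:]]' >/home/user/right.log
sudo /home/user/monitor_and_block.py
ss -anp | grep -E ':24[[:space:]]' >/home/user/right.log
sudo /home/user/monitor_and_block.py
```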
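
A variant of the script above, as an added example that is not part of the original comment or of the frp project: it counts currently established connections per peer IP for one exact local port in `ss -anp` output, which measures the per-IP concurrency the issue asks about, whereas TIME-WAIT entries reflect connections that have already closed. The sample output, the function names and the limit of 1 are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample of `ss -anp` output (documentation addresses, not a real host).
SAMPLE_SS = """\
Netid State     Recv-Q Send-Q      Local Address:Port         Peer Address:Port Process
tcp   LISTEN    0      128               0.0.0.0:23                0.0.0.0:*
tcp   ESTAB     0      0             203.0.113.5:23           198.51.100.7:51000
tcp   ESTAB     0      0             203.0.113.5:23           198.51.100.7:51001
tcp   ESTAB     0      0    [::ffff:203.0.113.5]:23  [::ffff:198.51.100.9]:40000
tcp   ESTAB     0      0             203.0.113.5:2345         198.51.100.7:51002
tcp   TIME-WAIT 0      0             203.0.113.5:23           198.51.100.8:42000
tcp   ESTAB     0      0           [2001:db8::1]:24          [2001:db8::2]:50000
"""

def split_endpoint(endpoint):
    """Split 'addr:port' or '[addr]:port' into (ip_address or None, port string)."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any %zone suffix
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return None, port  # wildcard '*' or anything that is not an IP literal
    # Report IPv4-mapped IPv6 peers under their IPv4 address.
    mapped = getattr(ip, "ipv4_mapped", None)
    return (mapped or ip), port

def established_per_ip(ss_output, local_port):
    """Count ESTAB sockets per peer IP whose local port is exactly local_port."""
    counts = Counter()
    for line in ss_output.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[1] != "ESTAB":
            continue  # header, LISTEN, TIME-WAIT and short lines are ignored
        _, lport = split_endpoint(parts[4])
        peer_ip, _ = split_endpoint(parts[5])
        if lport == str(local_port) and peer_ip is not None:
            counts[str(peer_ip)] += 1
    return counts

def over_limit(ss_output, local_port, limit=1):
    """Return the sorted peer IPs holding more than `limit` connections."""
    counts = established_per_ip(ss_output, local_port)
    return sorted(ip for ip, n in counts.items() if n > limit)
```
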

@github-actions[bot] commented on GitHub (Feb 27, 2024):

Issues go stale after 21d of inactivity. Stale issues rot after an additional 7d of inactivity and eventually close.


@s084088 commented on GitHub (Feb 27, 2024):

> I wrote some code for your requirement. Just try it.


Thanks, I achieved this with a different forwarding tool I found.
