You can limit the number of connections to your nodes
As you maintain your nodes, you may see multiple nodes trying to connect to you. Normally you should only have 1 or 2 per relay IP that tries to connect to you. Many SPO have shared instances when they see up to 30 connections from a particular IP address. There can be many reasons for these multiple connections ranging from wrong configuration to actual denial of service (DOS) attacks.
Irregardless of the reason, these multiple connections will eventually slow down your nodes and in extreme circumstances, can prevent you from minting blocks.
There are many ways to mitigate the effects of these unwanted multiple connections. I'll share with you two of them:
The most basic solution is to block the IP address that is making multiple connections to your node. For example, if the offending IP address is 1.2.3.4, you can use the following ufw command to deny it:
sudo ufw deny from 1.2.3.4Restart your cardano node service to refresh your connection list
Blocking IP addresses is a manual activity so a better solution is to setup rules to limit the number of connections each IP can make to your relays.
To do this, in the /etc/ufw/before.rules file, look for these these lines:
# Don't delete these required lines, otherwise there will be errors
*filter
:ufw-before-input - [:]
:ufw-before-output - [:]
:ufw-before-forward - [:]
:ufw-not-local - [:]
# End of required linesThe following is a sample command you can add after the above lines:
The above command will limit the number of concurrent connections to 3 for the port 6101 which is the port number of this particular relay. Please change these numbers according to your configuration.
Last updated
# Limit to 3 concurrent connections on port 6101 per IP
-A ufw-before-input -p tcp --syn --dport 6101 -m connlimit --connlimit-above 3 -j DROP