I'm using the following iptables rule to limit the amount of simultaneous connections to 1 connection per ip, on port 4387.
/sbin/iptables -A INPUT -p tcp --syn --dport 3387 -m connlimit --connlimit-above 1 -j REJECT
Keeping in mind that there are certain links on port 3387 which at times will be offline, if a user accesses an offline link, the user will not be able to access another link until the state of the connection, Last_Ack, times out, since my iptables rule allows only 1 connection simultaneously (I believe last_ack times out after 60 seconds). Apparently, when the connection is in a "Last Ack" state, the associated ip is considered to be connected until it times out. Therefore, as per my iptables rule, it would not allow a 2nd connection. What I would like is that any connection in "Last Ack" state be excluded from the iptables rule above. Is there some sort of config or parameter that I can set so that last_ack times out immediately or an iptables rule that allows 1 "Established" connection simultaneously disregarding "Last Ack"? It's very annoying and inconvenient to have to wait 60 seconds before the user will be allowed to try another link every time the user attempts an offline link.
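To see why the rule behaves as described, it helps to look at what the conntrack table holds for a client. The script below is an added example, not code from the question or from any answer: it parses lines in the format printed by `conntrack -L` (the lines here are constructed sample data, not captured from a real host) and counts, per source IP, the entries towards port 3387 once in "all" mode (every state still present in conntrack, which is what makes a client appear connected) and once in "active" mode (ignoring LAST_ACK, TIME_WAIT and CLOSE, which is the count the question would like connlimit to use). The function name `count_entries` and the `SAMPLE` variable are this example's own; on a real system the input would come from `conntrack -L` and the LAST_ACK lifetime is the sysctl `net.netfilter.nf_conntrack_tcp_timeout_last_ack`, which is only mentioned in a comment and not read here.

```shell
#!/bin/sh
# Added example (not part of the original post).
# Constructed sample in `conntrack -L` format: two entries for 10.0.0.5
# (one ESTABLISHED, one LAST_ACK), two closing entries for 10.0.0.7,
# and one unrelated entry for another port.
SAMPLE='tcp      6 431999 ESTABLISHED src=10.0.0.5 dst=192.0.2.1 sport=51234 dport=3387 src=192.0.2.1 dst=10.0.0.5 sport=3387 dport=51234 [ASSURED] mark=0 use=1
tcp      6 27 LAST_ACK src=10.0.0.5 dst=192.0.2.1 sport=51235 dport=3387 src=192.0.2.1 dst=10.0.0.5 sport=3387 dport=51235 [ASSURED] mark=0 use=1
tcp      6 19 LAST_ACK src=10.0.0.7 dst=192.0.2.1 sport=40001 dport=3387 src=192.0.2.1 dst=10.0.0.7 sport=3387 dport=40001 [ASSURED] mark=0 use=1
tcp      6 110 TIME_WAIT src=10.0.0.7 dst=192.0.2.1 sport=40002 dport=3387 src=192.0.2.1 dst=10.0.0.7 sport=3387 dport=40002 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=10.0.0.9 dst=192.0.2.1 sport=50000 dport=22 src=192.0.2.1 dst=10.0.0.9 sport=22 dport=50000 [ASSURED] mark=0 use=1'

# count_entries SRC_IP DPORT MODE
#   MODE "all"    -> every conntrack entry from SRC_IP to DPORT, whatever its
#                    TCP state (an entry in LAST_ACK is still an entry)
#   MODE "active" -> the same, but ignoring LAST_ACK, TIME_WAIT and CLOSE
# Field layout of a conntrack line: $1 proto, $2 proto number, $3 seconds
# left before the entry expires, $4 TCP state, $5 src=, $6 dst=, $7 sport=,
# $8 dport= (original direction).
count_entries() {
    printf '%s\n' "$SAMPLE" | awk -v ip="$1" -v port="$2" -v mode="$3" '
        $1 == "tcp" && $5 == "src=" ip && $8 == "dport=" port {
            if (mode == "all" ||
                ($4 != "LAST_ACK" && $4 != "TIME_WAIT" && $4 != "CLOSE"))
                n++
        }
        END { print n + 0 }'
}

# Seconds remaining on the LAST_ACK entries (column 3); on a live host the
# ceiling for that countdown is the sysctl
# net.netfilter.nf_conntrack_tcp_timeout_last_ack (check it with `sysctl`,
# not read by this script).
last_ack_remaining() {
    printf '%s\n' "$SAMPLE" | awk -v port="$1" '
        $1 == "tcp" && $4 == "LAST_ACK" && $8 == "dport=" port { print $5, $3 }'
}

# Stand-alone run: show both counts for each client seen on port 3387.
for client in 10.0.0.5 10.0.0.7; do
    echo "$client all=$(count_entries "$client" 3387 all) active=$(count_entries "$client" 3387 active)"
done
echo "LAST_ACK entries still pending on 3387 (src, seconds left):"
last_ack_remaining 3387
```

With the sample data, 10.0.0.5 has two entries in "all" mode but one in "active" mode, and 10.0.0.7 has two closing entries and none active, which is the difference between the count the rule is seeing and the count the question is after.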