Registered users
Linkedin Twitter Google+

In order to improve user's experience and to enable some functionalities by tracking the user accross the website, this website uses its own cookies and from third parties, like Google Analytics and other similar activity tracking software. Read the Privacy Policy
33HOPS, IT Consultants Download XSIBackup
33HOPS ::: Proveedores de Soluciones Informáticas :: Madrid :+34 91 930 98 66Avda. Castilla la Mancha, 95 - local posterior - 28700 S.S. de los Reyes - MADRID33HOPS, Sistemas de Informacion y Redes, S.L.Info


Many Linux kernels come nowadays with a module that allows to set a packet rate from within IPTables, which is generally more convenient. In any case some people will still find this script/concept useful.

Spada works by collecting information on the number of connections made to a given port from connected IPs by using netstat, if this number of connections exceeds the configurable limit then the IP is banned by issuing a DROP command for the offending IP to iptables. You can pass spada a whitelist of IPs that should not be blocked at any time, your localhost IP ( is added by default but you should add all your local IPs to avoid banning yourself. Spada consists of two different executable shell scripts: spada and spada-daemon. Both of them allow the very same arguments, the only difference is that when you call spada a single operation is made while when you call spada daemon you get one operation per second during 1 minute thus you can call spada-daemon from cron every minute and have a daemon alike behaviour with a very light impact on your system resources.


./spada --ip-port=80 --max-conn=33 --whitelist=",,,,"


This argument is the TCP/IP port that you want to inspect

This is the configurable limit for allowed connections from a single IP

TThis argument is a comma delimited list of IPs allowed to exceed the --max-conn limit.

USAGE OF spada-daemon (for a continous protection)

The install of this script is very simple, all you have to do is:

a/ chown root:root /path/to/the/script/spada

b/ We asign the file execute permission (only for -root- user)

chmod 0700 /path/to/the/script/spada

c/ Include the script in a cron schedule to be run every minute by adding the following line to the crontab file

/etc/crontab or by invoking your distro cron edit utility. */1 * * * * root /path/to/the/script/spada --ip-port=80 --max-conn=33 --whitelist=",,,," > /dev/null 2>&1

You can add as many lines in your cron as you may need to protect per instance the HTTP port (80) and your mySQL server (3306)

Every second it will check for IPs with a number of connections higher than the configured limit adding them to the list of banned IPs in your -iptables- firewall. To clean the baned IPs list all we have to do is flush the -drop chain- in -iptables- or simply restart it.

This page was last modified on 2016-06-01

Website Map
Resources & help
33HOPS Forum
Index of Docs

©33HOPS site relies on the following technologies and partners:
SSL Protocol PayPal Payment Gateway Stripe Payment Gateway

©33HOPS Sistemas de Información y Redes, S.L. | VAT No: ESB83583716 | Avda. Castilla la Mancha, 95, local posterior, 28701 San Sebastián e los Reyes (Madrid) Spain

Fill in to download
The download link will be sent to your e-mail.

            Read our Privacy Policy

(*) DC & Pro users, please login to your user area to download