build-essential cpp debhelper dpkg-dev file g++ g++-4.1 gcc gettext gettext-base html2text intltool-debian libmagic1 libselinux1-dev libsepol1-dev libsp1c2 libstdc++6-4.1-dev linuxdoc-tools make patch perl perl-modules po-debconf sgml-base sgml-data sp xml-core

#cd /usr/src

#wget http://ftp.netfilter.org/pub/iptables/iptables-1.3.6.tar.bz2

#wget http://ftp.netfilter.org/pub/patch-o-matic-ng/snapshot/patch-o-matic-ng-20071128.tar.bz2

#wget http://www.kernel.org/pub/linux/kernel/v2.6/linux-2.6.18.tar.bz2

   connlimit

       Allows you to restrict the number of parallel TCP connections to a server per client IP address (or address block).

       [!] --connlimit-above n

              match if the number of existing tcp connections is (not) above n

       --connlimit-mask bits

              group hosts using mask

       Examples:

       # allow 2 telnet connections per client host

              iptables -A INPUT -p tcp --syn --dport 23 -m connlimit --connlimit-above 2 -j REJECT

       # you can also match the other way around:

              iptables -A INPUT -p tcp --syn --dport 23 -m connlimit ! --connlimit-above 2 -j ACCEPT

       # limit the nr of parallel http requests to 16 per class C sized network (24 bit netmask)

              iptables -p tcp --syn --dport 80 -m connlimit --connlimit-above 16 --connlimit-mask 24 -j REJECT