Forum Discussion
cdis_249710
Apr 12, 2016 Nimbostratus
Using data group for limiting the concurrent client connections from different subnets
Hi All,
We have recently deployed F5 in our environment. We are running 11.5.3 version.
We are trying to set up a rule to limit the concurrent connections from a source IP to a particular val...
cdis_249710
Apr 12, 2016 Nimbostratus
Looks like I was missing "-value". This seems to be working; it is not very accurate in terms of parallel connections.
```tcl
# Limit each client IP address to 20 concurrent connections
when CLIENT_ACCEPTED {
    # Max connections per client IP
    set limit [class match -value [IP::client_addr] equals connlimit_dg]
    # Set a subtable name with a standard prefix and the client IP
    set tbl "connlimit:[IP::client_addr]"
    # Use a key of the client IP:port
    set key "[IP::client_addr]:[TCP::client_port]"
    # Record this connection with a 180-second idle timeout
    table set -subtable $tbl $key "ignored" 180
    if { [table keys -subtable $tbl -count] > $limit } {
        # Over the limit: remove the entry just added and refuse the connection
        table delete -subtable $tbl $key
        event CLIENT_CLOSED disable
        reject
    } else {
        # here the timer value is in ms; 60000 ms (60 sec)
        # The periodic lookup keeps the entry alive while the connection is open
        set timer [after 60000 -periodic { table lookup -subtable $tbl $key }]
    }
}
when CLIENT_CLOSED {
    after cancel $timer
    table delete -subtable $tbl $key
}
```
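The logic of the iRule above, as an added Python model for checking data group values and limit behaviour off-box (not part of the original post, and not F5 code). The subnets, the default limit for clients that match no subnet, and the most-specific-subnet rule are assumptions of the model.

```python
import ipaddress

# Constructed stand-in for the connlimit_dg data group: subnet -> max connections.
CONNLIMIT_DG = {"10.1.0.0/16": 3, "10.1.5.0/24": 1}
DEFAULT_LIMIT = 2      # assumption: limit applied when no subnet matches
ENTRY_TIMEOUT = 180    # seconds, as in 'table set ... 180'


def lookup_limit(client_ip, dg=CONNLIMIT_DG, default=DEFAULT_LIMIT):
    """Most specific matching subnet wins (modelling assumption); else default."""
    addr = ipaddress.ip_address(client_ip)
    hits = [n for n in map(ipaddress.ip_network, dg) if addr in n]
    if not hits:
        return default
    return dg[str(max(hits, key=lambda n: n.prefixlen))]


class ConnTable:
    """Per-client subtable of ip:port keys with idle expiry."""

    def __init__(self):
        self.sub = {}  # client_ip -> {key: expiry_time}

    def _live(self, ip, now):
        entries = self.sub.setdefault(ip, {})
        for k in [k for k, exp in entries.items() if exp <= now]:
            del entries[k]
        return entries

    def accept(self, ip, port, now):
        """CLIENT_ACCEPTED: add the key, count, reject if over the limit."""
        entries = self._live(ip, now)
        key = f"{ip}:{port}"
        entries[key] = now + ENTRY_TIMEOUT
        if len(entries) > lookup_limit(ip):
            del entries[key]
            return False
        return True

    def touch(self, ip, port, now):
        """Periodic 'table lookup': refresh the timeout of a live entry."""
        entries = self._live(ip, now)
        key = f"{ip}:{port}"
        if key in entries:
            entries[key] = now + ENTRY_TIMEOUT

    def close(self, ip, port):
        """CLIENT_CLOSED: free the slot."""
        self.sub.get(ip, {}).pop(f"{ip}:{port}", None)
```
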