One -can- restrict the total number of simultaneous states allowed, to keep access manageable in the event a website gets "slashdotted" -- overwhelmed because of sudden increased transaction rates.
In the example mfaridi quoted, max-src-conn 100 limits the number of simultaneous transactions to 100. Users beyond that number do not get a connection, which -might- or -might not- be a problem, depending on the application. But it does allow the 100 sessions that are connected to function without overwhelming resources.
That "100" is of course not meaningful without understanding the webserver's capacity, and the capacity of adjunct application and database servers that might be involved.