Create connection limits for any users using a very basic script in the firewall area as shown below
iptables -I FORWARD -p tcp --syn -m iprange --src-range 10.212.1.100-10.212.3.200 -m connlimit --connlimit-above 60 -j DROPiptables -I FORWARD -p tcp --syn -m iprange --src-range 10.212.3.1-10.212.3.254 -m connlimit --connlimit-above 60 -j DROPiptables -I FORWARD -m iprange --src-range 10.212.1.100-10.212.3.200 -p ! tcp -m connlimit --connlimit-above 60 -j DROPiptables -I FORWARD -m iprange --src-range 10.212.3.1-10.212.3.254 -p ! tcp -m connlimit --connlimit-above 60 -j DROP
This limits all users in those ip ranges to no more than 60 sessions and I find it very effective