Limit number of incoming connections on Linux

⚓ Neptune    📅 2025-03-19    👤 sword_smith    👁️ 126      

sword_smith

Well-connected nodes that receive many incoming connection attempts can experience hanging problems. It's a problem we should fix in the neptune-core application but until we have, you can use the following commands to let the Linux kernel do the heavy lifting for us.

# Reset new connections (SYN) once 50 connections to the port exist in total (--connlimit-mask 0; the default mask counts per source IP)
sudo iptables -A INPUT -p tcp --dport 9798 --syn -m connlimit --connlimit-above 50 --connlimit-mask 0 -j REJECT --reject-with tcp-reset
# Accept at most 2 new connections per second and drop SYNs beyond that; --syn keeps established traffic out of both counters
sudo iptables -A INPUT -p tcp --dport 9798 --syn -m limit --limit 2/sec --limit-burst 2 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 9798 --syn -j DROP
sudo ip6tables -A INPUT -p tcp --dport 9798 --syn -m connlimit --connlimit-above 50 --connlimit-mask 0 -j REJECT --reject-with tcp-reset
sudo ip6tables -A INPUT -p tcp --dport 9798 --syn -m limit --limit 2/sec --limit-burst 2 -j ACCEPT
sudo ip6tables -A INPUT -p tcp --dport 9798 --syn -j DROP

This limits the number of incoming TCP connections to your 9798 port to 50 and prevents more than 2 new connections per second. This limit applies regardless of the IP of the machine connecting to you. The rules apply for both IPv4 and IPv6.

Verify new rules:

sudo iptables -L -v -n
sudo ip6tables -L -v -n

Persist the new rules:

# iptables-persistent pulls in netfilter-persistent plus the iptables/ip6tables save and restore plugins it needs
sudo apt update && sudo apt install iptables-persistent
sudo netfilter-persistent save

Port 9798 is the standard port used by neptune-core. If you have set your --peer-port value to something, adjust the above commands.

🏷️ networking
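The whole procedure above as one script, added here as an example; it is not code from the original post or from neptune-core. It assumes a hypothetical PEER_PORT environment variable (default 9798, the neptune-core default), MAX_CONNS/NEW_RATE/NEW_BURST for the limits, and an APPLY=1 switch: without it the script only prints the commands it would run, so it can be reviewed on a machine without root. Rules are added with `iptables -C` first so re-running the script does not append duplicates.

```shell
#!/bin/sh
# Added example (not from the original post or neptune-core): install the
# connection-limiting rules for IPv4 and IPv6 without duplicating them on
# re-runs. Assumed (hypothetical) knobs: PEER_PORT, MAX_CONNS, NEW_RATE,
# NEW_BURST and APPLY; nothing touches the firewall unless APPLY=1.
set -eu

PORT="${PEER_PORT:-9798}"       # neptune-core default; match your --peer-port
MAX_CONNS="${MAX_CONNS:-50}"    # total concurrent connections to the port
NEW_RATE="${NEW_RATE:-2/sec}"   # new-connection (SYN) rate
NEW_BURST="${NEW_BURST:-2}"

# Print the rule specs for one port, one per line, in the order they must be
# appended: reset SYNs over the connection cap, accept SYNs within the rate,
# drop the remaining SYNs. --syn keeps established traffic out of the counters
# and --connlimit-mask 0 counts all peers together instead of per source IP.
rules_for_port() {
  port="$1"; max="$2"; rate="$3"; burst="$4"
  printf '%s\n' \
    "INPUT -p tcp --dport $port --syn -m connlimit --connlimit-above $max --connlimit-mask 0 -j REJECT --reject-with tcp-reset" \
    "INPUT -p tcp --dport $port --syn -m limit --limit $rate --limit-burst $burst -j ACCEPT" \
    "INPUT -p tcp --dport $port --syn -j DROP"
}

# Append a rule with the given binary (iptables or ip6tables) only if an
# identical rule is not already present (-C exits 0 when it matches).
ensure_rule() {
  bin="$1"; shift
  if ! "$bin" -C "$@" 2>/dev/null; then
    "$bin" -A "$@"
  fi
}

# Apply all rules for $PORT with one binary, passed as $1.
apply_rules() {
  rules_for_port "$PORT" "$MAX_CONNS" "$NEW_RATE" "$NEW_BURST" |
  while IFS= read -r rule; do
    # shellcheck disable=SC2086  # splitting the rule spec into words is intended
    ensure_rule "$1" $rule
  done
}

# Dry run: print the exact commands that APPLY=1 would execute.
print_commands() {
  for bin in iptables ip6tables; do
    rules_for_port "$PORT" "$MAX_CONNS" "$NEW_RATE" "$NEW_BURST" | sed "s/^/$bin -A /"
  done
}

if [ "${APPLY:-0}" = "1" ]; then
  apply_rules iptables
  apply_rules ip6tables
  iptables -L INPUT -v -n
  ip6tables -L INPUT -v -n
else
  print_commands
fi
```

Run it once without APPLY to read the six commands it generates, then `sudo APPLY=1 PEER_PORT=9798 ./limit-peers.sh` (file name assumed) and `sudo netfilter-persistent save` as in the post. The trailing DROP rule is what makes the rate limit bite: `-m limit ... -j ACCEPT` on its own only accepts the packets within the budget and lets the rest fall through to whatever your INPUT policy does with them.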

sword_smith    2025-03-19    [op]

In case you want to clear all rules, use:

# Flushes every rule and deletes every user-defined chain in the filter table, not just the ones above
sudo iptables -F && sudo ip6tables -F && sudo iptables -X && sudo ip6tables -X