Date: Thu, 16 Feb 2006 18:17:16 -0800
From: Atanas <atanas@asd.aplus.net>
To: Niki Denev <nike_d@cytexbg.com>
Cc: freebsd-stable@freebsd.org
Subject: Re: SSH login takes very long time...sometimes
Message-ID: <43F5322C.1090603@asd.aplus.net>
In-Reply-To: <43F514BD.608@cytexbg.com>
References: <59e2ee810512250841t75157e62rec9dc389ac716534@mail.gmail.com> <20051227101621.GA16276@walton.maths.tcd.ie> <86irrfoix5.fsf@xps.des.no> <43F4E3B0.1090806@asd.aplus.net> <43F514BD.608@cytexbg.com>

Niki Denev said the following on 02/16/06 16:11:
>
> I solved this for me with the following pf(4) rule :
>
> pass in quick on $ext inet proto tcp from any to any port ssh flags S/SA \
>     keep state (source-track rule, max-src-conn $max_conn_per_ip, max-src-conn-rate $max_conn_rate, \
>     overload <tempban-ssh> flush global)
>
> with appropriate $max_conn_per_ip and $max_conn_rate limits,
> and "expiretable" in a cronjob to flush all entries in the <tempban-ssh> table which
> are older than predefined period.
>
> I hope this helps.
>

Thanks for the tip!

I knew that at some point I will have to switch to pf, but unfortunately it wasn't available in FreeBSD-4.x, and I still have plenty of such boxes.

Does anybody know whether ipfw (or something else within FreeBSD-4) is capable of setting connection rate limits?

Regards,
Atanas
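
A fuller pf.conf fragment around the quoted rule, added here as an illustration and not part of the original thread. The interface name, the limit values and the expiry age are assumed sample values, and the block rule is an addition: the quoted rule only fills the table, so something else has to act on it.

```conf
# --- macros (sample values, assumptions; tune for your site) ---
ext             = "em0"     # external interface (hypothetical name)
max_conn_per_ip = "5"       # simultaneous SSH states allowed per source
max_conn_rate   = "3/30"    # new connections per source: 3 within 30 seconds

# --- table that "overload" adds offending sources to ---
# "persist" keeps the table in existence even while it is empty.
table <tempban-ssh> persist

# --- act on the table (added here, not in the quoted mail) ---
# Without a rule that references the table, overloaded sources are
# recorded but new connections from them are still accepted.
# It must come before the pass rule so that "quick" stops evaluation.
block in quick on $ext from <tempban-ssh>

# --- the rule from the quoted message ---
# source-track rule : limits are counted per source for this rule only
# max-src-conn      : cap on concurrent states from one source
# max-src-conn-rate : cap on the rate of new connections from one source
# overload <table>  : a source exceeding either cap is added to the table
# flush global      : kill that source's existing states, from every rule
pass in quick on $ext inet proto tcp from any to any port ssh flags S/SA \
    keep state (source-track rule, max-src-conn $max_conn_per_ip, \
    max-src-conn-rate $max_conn_rate, overload <tempban-ssh> flush global)

# --- expiry (assumption: expiretable from ports, run from cron) ---
# Removes entries older than 3600 seconds from the table, e.g.:
#   */5 * * * *  expiretable -t 3600 tempban-ssh
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -t tempban-ssh -T show` lists the addresses currently in the table.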