Date:      Sun, 10 Nov 1996 02:39:13 -0500 (EST)
From:      Sujal Patel <smpatel@umiacs.umd.edu>
To:        Darren Reed <avalon@coombs.anu.edu.au>
Cc:        julian@whistle.com, hackers@FreeBSD.ORG
Subject:   Re: Inetd mod.. comments?
Message-ID:  <Pine.OSF.3.91.961110023741.11227A-100000@mickey.umiacs.umd.edu>
In-Reply-To: <199611100522.VAA15358@freefall.freebsd.org>

On Sun, 10 Nov 1996, Darren Reed wrote:

> > 3 - Limit the number of concurrent TCP connections to a port.
> > 4 - Limit the number of concurrent TCP connections from a host/domain.
> 
> These are more properly enforced by whatever it is that is managing those
> connections (ie inetd).

I don't agree with this because hacking inetd can only get you so far.  
There are many services such as ssh, sendmail, and http that don't 
generally get launched from inetd.  I'd hate to hack a half dozen user 
apps when a simple kernel level solution exists.  Besides, other firewall 
products do it, why can't our ipfw?


Sujal


