From owner-freebsd-hackers Sat Nov 9 23:39:23 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id XAA21073 for hackers-outgoing; Sat, 9 Nov 1996 23:39:23 -0800 (PST)
Received: from mickey.umiacs.umd.edu (12222@mickey.umiacs.umd.edu [128.8.120.49]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA21065 for ; Sat, 9 Nov 1996 23:39:20 -0800 (PST)
Received: (smpatel@localhost) by mickey.umiacs.umd.edu (8.7.6/UMIACS-0.9/04-05-88) id CAA11253; Sun, 10 Nov 1996 02:39:13 -0500 (EST)
Date: Sun, 10 Nov 1996 02:39:13 -0500 (EST)
From: Sujal Patel
To: Darren Reed
cc: julian@whistle.com, hackers@FreeBSD.ORG
Subject: Re: Inetd mod.. comments?
In-Reply-To: <199611100522.VAA15358@freefall.freebsd.org>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

On Sun, 10 Nov 1996, Darren Reed wrote:

> > 3 - Limit the number of concurrent TCP connections to a port.
> > 4 - Limit the number of concurrent TCP connections from a host/domain.
>
> These are more properly enforced by whatever it is that is managing those
> connections (ie inetd).

I don't agree with this because hacking inetd can only get you so far. There are many services such as ssh, sendmail, and http that don't generally get launched from inetd. I'd hate to hack a half dozen user apps when a simple kernel level solution exists. Besides, other firewall products do it, why can't our ipfw?

Sujal