From owner-freebsd-questions  Wed Jan 12  8:27:20 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from axl.noc.iafrica.com (axl.noc.iafrica.com [196.31.1.175])
	by hub.freebsd.org (Postfix) with ESMTP id C890015109
	for <questions@freebsd.org>; Wed, 12 Jan 2000 08:27:15 -0800 (PST)
	(envelope-from sheldonh@axl.noc.iafrica.com)
Received: from sheldonh (helo=axl.noc.iafrica.com)
	by axl.noc.iafrica.com with local-esmtp (Exim 3.11 #1)
	id 128QbV-000M5H-00; Wed, 12 Jan 2000 18:26:37 +0200
From: Sheldon Hearn <sheldonh@uunet.co.za>
To: "Mr. K." <bsd@inbox.org>
Cc: questions@FreeBSD.ORG
Subject: Re: limit connections per IP? 
In-reply-to: Your message of "Wed, 12 Jan 2000 11:12:47 EST."
             <Pine.BSF.3.96.1000112111121.15989A-100000@inbox.org> 
Date: Wed, 12 Jan 2000 18:26:37 +0200
Message-ID: <84894.947694397@axl.noc.iafrica.com>
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG



On Wed, 12 Jan 2000 11:12:47 EST, "Mr. K." wrote:

> Is there a way (perhaps with ipfw?) to limit the number of connections an
> IP address can make to your system?  This seems to be the only way to
> handle a DOS attack from filling up your listen queue.

Depends on the software.  If you start things up out of inetd(8), then
there's per-service and global rate-limiting available.  Consult the
inetd(8) manual page for details.

Otherwise, the options available to you are application specific and thus
effective only on a per-service basis, if at all.

Ciao,
Sheldon.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message