From: patrick
To: "FreeBSD Questions Mailing List"
Date: Wed, 13 Feb 2008 09:23:31 -0800
Subject: Limit # of connections per IP using ipfw?

Is there a way to limit the number of TCP connections from a particular IP at a given time using ipfw?

We are running Cyrus IMAP on FreeBSD 6.2, and are sometimes subject to POP3 brute force login attacks. I'm not sure if it's Cyrus or the SASL SQL plugin, but these attacks grind the server to a halt (the load level goes up beyond 350!). The database against which authentication takes place is on a separate server, so I know it's not MySQL's fault.

I'd like to be able to set a firewall rule to set a reasonable limit per IP for these sorts of connections. I know that pf can do it, and I'm in the process of figuring out how to migrate all of our stuff over to pf, but in the meantime, I'd like to try to do this with ipfw.

Thanks,
Patrick