Date:      Wed, 13 Feb 2008 11:37:05 -0800
From:      patrick <gibblertron@gmail.com>
To:        patrick <gibblertron@gmail.com>,  "FreeBSD Questions Mailing List" <freebsd-questions@freebsd.org>
Subject:   Re: Limit # of connections per IP using ipfw?
Message-ID:  <b043a4850802131137i42bafee6wee84959aec07f497@mail.gmail.com>
In-Reply-To: <20080213181452.GU3587@hal.rescomp.berkeley.edu>
References:  <b043a4850802130923y2c5eca45y234e6cabbf416739@mail.gmail.com> <20080213181452.GU3587@hal.rescomp.berkeley.edu>

Perfect, thanks!

On Feb 13, 2008 10:14 AM, Christopher Cowart
<ccowart@rescomp.berkeley.edu> wrote:
>
> On Wed, Feb 13, 2008 at 09:23:31AM -0800, patrick wrote:
> > Is there a way to limit the number of TCP connections from a
> > particular IP at a given time using ipfw? We are running Cyrus IMAP on
> > FreeBSD 6.2, and are sometimes subject to POP3 brute force login
> > attacks. I'm not sure if it's Cyrus or the SASL SQL plugin, but these
> > attacks grind the server to a halt (the load level goes up beyond 350!).
> > The database against which authentication takes place is on a
> > separate server, so I know it's not MySQL's fault. I'd like to be able
> > to set a firewall rule to set a reasonable limit per IP for these
> > sorts of connections. I know that pf can do it, and I'm in the process
> > of figuring out how to migrate all of our stuff over to pf, but in the
> > meantime, I'd like to try to do this with ipfw.
>
> You can use limit rules. This should do the trick:
>
> # ipfw add allow tcp from any to me pop3s limit src-addr 5
>
> Check the ipfw man page section on limit for more info (though it's
> pretty brief).
>
> --
> Chris Cowart
> Network Technical Lead
> Network & Infrastructure Services, RSSP-IT
> UC Berkeley
>
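The rule Chris gives, written out as a small rc.firewall-style fragment (added here as an example, not a script from either poster). It assumes POP3 on 110 and POP3S on 995, a cap of 5 sessions per source address, rule numbers 1000/1010, and an fwcmd variable that can be set to echo to preview the rules without loading them.

```shell
#!/bin/sh
# Constructed example: cap concurrent POP3/POP3S sessions per source address
# with ipfw limit rules. Set fwcmd=echo to preview instead of loading.
fwcmd="${fwcmd:-/sbin/ipfw}"

# Ports and the per-source cap are assumptions for this example.
pop3_ports="110,995"        # pop3 and pop3s
per_src_limit=5

# Build one limit rule. It passes the SYN (setup), records a dynamic entry
# keyed on src-addr, and once $3 sessions exist for that address further
# SYNs from it are dropped by this rule itself; no extra deny rule needed.
limit_rule() {
    # $1 = rule number, $2 = destination ports, $3 = cap per source address
    printf 'add %s allow tcp from any to me %s setup limit src-addr %s\n' \
        "$1" "$2" "$3"
}

load_pop3_limits() {
    # check-state does the dynamic-rule lookup here, so packets of sessions
    # already tracked match their entry before any static rule is consulted.
    # Without it, ipfw performs that lookup at the first keep-state/limit rule.
    $fwcmd add 1000 check-state
    $fwcmd $(limit_rule 1010 "$pop3_ports" "$per_src_limit")
}

# To confirm the cap is biting on a noisy source, list the dynamic entries
# (one line per tracked session) created by rule 1010:
#   /sbin/ipfw -d list | grep ' 1010 '
```

Note that limit caps concurrent sessions per address, not login attempts per second: a client that opens and closes one connection at a time is throttled only by how long the dynamic entry lingers (the net.inet.ip.fw.dyn_* sysctls), so watch the load after deploying rather than assuming the attack is fully contained.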