From owner-freebsd-questions@FreeBSD.ORG Wed Feb 13 19:37:08 2008
Date: Wed, 13 Feb 2008 11:37:05 -0800
From: patrick
To: patrick, "FreeBSD Questions Mailing List"
Subject: Re: Limit # of connections per IP using ipfw?
In-Reply-To: <20080213181452.GU3587@hal.rescomp.berkeley.edu>
References: <20080213181452.GU3587@hal.rescomp.berkeley.edu>
List-Id: User questions

Perfect, thanks!

On Feb 13, 2008 10:14 AM, Christopher Cowart wrote:
>
> On Wed, Feb 13, 2008 at 09:23:31AM -0800, patrick wrote:
> > Is there a way to limit the number of TCP connections from a
> > particular IP at a given time using ipfw? We are running Cyrus IMAP on
> > FreeBSD 6.2, and are sometimes subject to POP3 brute force login
> > attacks. I'm not sure if it's Cyrus or the SASL SQL plugin, but these
> > attacks grind the server to a halt (the load level goes up beyond 350!).
> > The database against which authentication takes place is on a
> > separate server, so I know it's not MySQL's fault. I'd like to be able
> > to set a firewall rule to set a reasonable limit per IP for these
> > sorts of connections. I know that pf can do it, and I'm in the process
> > of figuring out how to migrate all of our stuff over to pf, but in the
> > meantime, I'd like to try to do this with ipfw.
>
> You can use limit rules. This should do the trick:
>
> # ipfw add allow tcp from any to me pop3s limit src-addr 5
>
> Check the ipfw man page section on limit for more info (though it's
> pretty brief).
>
> --
> Chris Cowart
> Network Technical Lead
> Network & Infrastructure Services, RSSP-IT
> UC Berkeley
>
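The limit rule quoted above, as an added example that is not part of the original thread: a POSIX sh helper that emits one such ipfw rule per mail-access service, so the same per-source cap covers pop3 as well as pop3s. The service list, the rule numbers starting at 1000, the default limit of 5 and the added `setup` keyword are assumptions for illustration, not from the thread.

```shell
#!/bin/sh
# Added example (not from the thread above). Emits ipfw "limit" rules that
# cap concurrent TCP connections per source address for mail-access
# services. Service names, rule numbers and the default limit of 5 are
# assumptions for illustration.
#
# How the rule works: "limit src-addr N" makes ipfw keep one dynamic rule
# per source address; once that address has N open connections matching
# the rule, further packets are dropped until those connections close or
# their dynamic rules expire. "setup" restricts the match to the SYN that
# opens a connection, so only new connections create state. Dynamic-rule
# capacity is bounded by the net.inet.ip.fw.dyn_max sysctl.

PER_IP_LIMIT="${PER_IP_LIMIT:-5}"
BASE_RULE="${BASE_RULE:-1000}"   # must sort before any "allow tcp established" rule

# limit_rules SERVICE... -> prints one ipfw command per service, numbered
# from BASE_RULE in steps of 10. Fails on a non-numeric or empty limit.
limit_rules() {
    case "$PER_IP_LIMIT" in
        ''|*[!0-9]*) echo "limit_rules: PER_IP_LIMIT must be a positive integer" >&2; return 1 ;;
    esac
    n="$BASE_RULE"
    for svc in "$@"; do
        printf 'ipfw add %s allow tcp from any to me %s setup limit src-addr %s\n' \
            "$n" "$svc" "$PER_IP_LIMIT"
        n=$((n + 10))
    done
}

# count_rules SERVICE... -> number of rule lines limit_rules would emit.
count_rules() {
    limit_rules "$@" | wc -l | tr -d ' '
}

# Usage: print the rules for the usual mail-access ports; pipe the output
# to "sh" on the FreeBSD host (as root) to install them, then inspect the
# per-address dynamic rules with: ipfw -d list
limit_rules pop3 pop3s imap imaps
```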