Date: Wed, 12 Jan 2000 16:18:56 -0500 (EST) From: "Mr. K." <bsd@inbox.org> To: Sheldon Hearn <sheldonh@uunet.co.za> Cc: questions@FreeBSD.ORG Subject: Re: limit connections per IP? Message-ID: <Pine.BSF.3.96.1000112161425.26264A-100000@inbox.org> In-Reply-To: <84894.947694397@axl.noc.iafrica.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 12 Jan 1900, Sheldon Hearn wrote: > On Wed, 12 Jan 1900 11:12:47 EST, "Mr. K." wrote: > > > Is there a way (perhaps with ipfw?) to limit the number of connections an > > IP address can make to your system? This seems to be the only way to > > handle a DOS attack from filling up your listen queue. > > Depends on the software. If you start things up out of inetd(8), then > there's per-service and global rate-limiting available. Consult the > inetd(8) manual page for details. > > Otherwise, the options available to you are application specific and thus > effective only on a per-service basis, if at all. > > Ciao, > Sheldon. > I am writing my own daemon. I know this can be done in user space, just keep a list and check after you do an accept(), but I was hoping there was a way to do it in kernel space before it even gets in my listen queue. Otherwise it seems trivial to fill up my listen queue faster than I can perform the accept()s. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.1000112161425.26264A-100000>