Subject: Re: Can ipfw be used to limit concurrent requests from an IP?
To: Will Squire, freebsd-questions@freebsd.org
From: Shane Ambler
Message-ID: <574AEC8B.5080701@ShaneWare.Biz>
Date: Sun, 29 May 2016 22:50:11 +0930

On 28/05/2016 05:04, Will Squire wrote:
> Can ipfw limit the number of requests in a given amount of time from a
> specific IP?
>
> To contextualise, if an IP sends requests in high concurrency (let's
> say 50 a second) can ipfw either block requests that exceed a
> threshold for that second (let's say the threshold is 20, 30 would be
> blocked), or ban/deny the given IP for exceeding a threshold?
>
> The aim is to lessen strain under DoS attacks, specifically for HTTP.
> The system is using Apache and mod_evasive has been added and tested,
> but it is not functioning correctly.
>
> (P.S. The freebsd-ipfw list seems to be for development of the
> technology only, so asking this here. Please let me know if this
> isn’t the case)

You might want to look at sshguard

http://www.freshports.org/security/sshguard-ipfw/
http://www.sshguard.net/

-- 
FreeBSD - the place to B...Software Developing

Shane Ambler
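
The per-second threshold described in the question (50 requests in one second against a limit of 20, so 30 over), counted from Apache access-log lines to pick out addresses that would be candidates for a firewall deny rule. This is an added example, not part of the original thread; the log lines, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Apache common/combined log format: client IP first, then a
# [timestamp] with one-second resolution.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')


def over_threshold(lines, threshold=20):
    """Return {ip: excess}, where excess is the number of requests beyond
    `threshold` that the IP made within any single second."""
    per_second = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if m:  # lines that do not parse are skipped, not counted
            per_second[(m.group(1), m.group(2))] += 1

    excess = Counter()
    for (ip, _second), count in per_second.items():
        if count > threshold:
            excess[ip] += count - threshold
    return dict(excess)


def make_sample():
    """Constructed log: 50 hits in one second from one client, 5 from
    another, plus one malformed line."""
    fmt = '{ip} - - [29/May/2016:13:25:27 +0000] "GET / HTTP/1.1" 200 512'
    return ([fmt.format(ip="203.0.113.7")] * 50
            + [fmt.format(ip="198.51.100.9")] * 5
            + ["garbage line"])


if __name__ == "__main__":
    for ip, n in over_threshold(make_sample()).items():
        print(f"{ip}: {n} requests over the limit, candidate for a deny rule")
```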