Date:      Tue, 31 May 2016 15:00:32 -0700
From:      Michael Sierchio <kudzu@tenebras.com>
To:        Will Squire <will_squire@hotmail.co.uk>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: Can ipfw be used to limit concurrent requests from an IP?
Message-ID:  <CAHu1Y70YkyOoiune7nWbBXK4yF3Bovm5D8Bh5ini_u=ejyTXLg@mail.gmail.com>
In-Reply-To: <BLU436-SMTP926330783884990F4A0231DA420@phx.gbl>
References:  <BLU436-SMTP926330783884990F4A0231DA420@phx.gbl>

You can use dummynet pipes (and optionally queues) with a mask for this.
You can specify queue size in slots. You can also make use of red/gred (see
the manpage).

I might choose a larger mask than 0xffffffff because a new pipe will be
instantiated for each matching address.

A very simple example:

ipfw pipe 1 config bw 800Byte/s mask src-ip 0xffffc000
ipfw add pipe 1 tcp from any to me ssh in recv $OIF setup

- M



On Fri, May 27, 2016 at 12:34 PM, Will Squire <will_squire@hotmail.co.uk>
wrote:
>
> Can ipfw limit the number of requests in a given amount of time from a
> specific IP?
>
> To contextualise, if an IP sends requests in high concurrency (let's say
> 50 a second) can ipfw either block requests that exceed a threshold for that
> second (let's say the threshold is 20, 30 would be blocked), or ban/deny the
> given IP for exceeding a threshold?
>
> The aim is to lessen strain under DoS attacks, specifically for HTTP. The
> system is using Apache and mod_evasive has been added and tested, but it is
> not functioning correctly.
>
> (P.S. The freebsd-ipfw list seems to be for development of the technology
> only, so asking this here. Please let me know if this isn't the case)
>
>
> Thanks
>
> Kind regards,
>
> Will Squire
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
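
An added illustration, not part of the original message: this sh sketch models how the `mask src-ip` value in the pipe config above groups source addresses. Each distinct masked value gets its own dynamic pipe, and every source that maps to the same value shares that pipe's bandwidth. It needs no ipfw to run; the function names and sample addresses are constructed for the example.

```shell
#!/bin/sh
# Model of dummynet's "mask src-ip": which sources end up in which dynamic pipe.

# Constructed sample sources (documentation address ranges).
SAMPLE_SOURCES="198.51.100.10 198.51.100.77 203.0.113.5 203.0.113.200 192.0.2.1"

# Dotted-quad IPv4 address -> 32-bit integer (runs in a subshell so IFS is untouched).
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# 32-bit integer -> dotted-quad IPv4 address.
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# The value that selects the dynamic pipe: source address AND mask.
# usage: pipe_key <src-ip> <mask, e.g. 0xffffc000>
pipe_key() {
    int_to_ip $(( $(ip_to_int "$1") & $2 ))
}

# Number of distinct dynamic pipes a list of sources (one per line on stdin)
# would instantiate under the given mask.
# usage: count_pipes <mask>
count_pipes() {
    while read -r src; do
        pipe_key "$src" "$1"
    done | sort -u | wc -l | tr -d ' '
}

# Compare a per-host mask with the mask from the example rule.
for mask in 0xffffffff 0xffffc000; do
    n=$(printf '%s\n' $SAMPLE_SOURCES | count_pipes "$mask")
    echo "mask $mask -> $n dynamic pipe(s)"
    for src in $SAMPLE_SOURCES; do
        echo "  $src -> pipe key $(pipe_key "$src" "$mask")"
    done
done
```

With 0xffffc000 the two 198.51.100.x hosts land in the same pipe, so they share the configured 800Byte/s rather than getting it each.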


