From owner-freebsd-hackers Mon Nov 11 00:38:21 1996
Return-Path: owner-hackers
Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id AAA29721 for hackers-outgoing; Mon, 11 Nov 1996 00:38:21 -0800 (PST)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id AAA29709 for ; Mon, 11 Nov 1996 00:38:18 -0800 (PST)
Message-Id: <199611110838.AAA29709@freefall.freebsd.org>
Received: by cheops.anu.edu.au (1.37.109.16/16.2) id AA103601505; Mon, 11 Nov 1996 19:38:25 +1100
From: Darren Reed
Subject: Re: Inetd mod.. comments?
To: smpatel@umiacs.umd.edu (Sujal Patel)
Date: Mon, 11 Nov 1996 19:38:25 +1100 (EDT)
Cc: hackers@freebsd.org
In-Reply-To: from "Sujal Patel" at Nov 10, 96 02:39:13 am
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

In some mail from Sujal Patel, sie said:
>
> On Sun, 10 Nov 1996, Darren Reed wrote:
>
> > > 3 - Limit the number of concurrent TCP connections to a port.
> > > 4 - Limit the number of concurrent TCP connections from a host/domain.
> >
> > These are more properly enforced by whatever it is that is managing those
> > connections (ie inetd).
>
> I don't agree with this because hacking inetd can only get you so far.
> There are many services such as ssh, sendmail, and http that don't
> generally get launched from inetd. I'd hate to hack a half dozen user
> apps when a simple kernel level solution exists. Besides, other firewall
> products do it, why can't our ipfw?

Which other firewall products and where do they implement it ?

The "where" is important, here, because firewall vendors are providing
a complete suite of programs to sit in on behalf of sendmail, etc, so it
is more likely they can do things "correctly".

Darren