From owner-freebsd-hackers Thu Jun 20 22:20:39 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from iguana.icir.org (iguana.icir.org [192.150.187.36]) by hub.freebsd.org (Postfix) with ESMTP id 89D8C37B40E; Thu, 20 Jun 2002 22:20:34 -0700 (PDT) Received: (from rizzo@localhost) by iguana.icir.org (8.11.6/8.11.3) id g5L5KWK76298; Thu, 20 Jun 2002 22:20:32 -0700 (PDT) (envelope-from rizzo) Date: Thu, 20 Jun 2002 22:20:32 -0700 From: Luigi Rizzo To: Terry Lambert Cc: Giorgos Keramidas , hackers@FreeBSD.ORG Subject: Re: Limiting clients per source IP address (ftpd, inetd, etc.) Message-ID: <20020620222032.A73450@iguana.icir.org> References: <20020621000924.GA2178@hades.hell.gr> <3D129CA8.EFADA4FF@mindspring.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <3D129CA8.EFADA4FF@mindspring.com>; from tlambert2@mindspring.com on Thu, Jun 20, 2002 at 08:25:28PM -0700 Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Jun 20, 2002 at 08:25:28PM -0700, Terry Lambert wrote: > Giorgos Keramidas wrote: > > I've been thinking for quite some time to add per-client-IP limiting > > to ftpd, and I had almost decided upon something like the following, ... > Someone just did something similar for inetd (per IP per port). > > The more I think about this, and the fact that there is code growing > to do basically the same thing in every program, the more I think > that the code to do this needs to be centralized. in fact there is an ipfw rule which does just this: ipfw add allow ip from any to any limit src-addr 5 and here you go... cheers luigi To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message