From owner-freebsd-questions@FreeBSD.ORG Mon Mar 1 11:47:47 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2437F16A4CE for ; Mon, 1 Mar 2004 11:47:47 -0800 (PST) Received: from smtp.infracaninophile.co.uk (ns0.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5314443D39 for ; Mon, 1 Mar 2004 11:47:46 -0800 (PST) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [IPv6:::1]) i21JldJv003761 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 1 Mar 2004 19:47:39 GMT (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)id i21JldQn003760; Mon, 1 Mar 2004 19:47:39 GMT (envelope-from matthew) Date: Mon, 1 Mar 2004 19:47:39 +0000 From: Matthew Seaman To: Gerard Samuel Message-ID: <20040301194739.GC2784@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , Gerard Samuel , questions@freebsd.org References: <200403011032.12799.fbsd-questions@trini0.org> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="c3bfwLpm8qysLVxt" Content-Disposition: inline In-Reply-To: <200403011032.12799.fbsd-questions@trini0.org> User-Agent: Mutt/1.5.6i X-Spam-Status: No, hits=-4.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on happy-idiot-talk.infracaninophile.co.uk cc: questions@freebsd.org Subject: Re: [Repost] Limiting connections to CVS X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Mar 2004 19:47:47 -0000 --c3bfwLpm8qysLVxt Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 01, 2004 at 10:32:12AM -0500, Gerard Samuel wrote: > Reposting to list, as I was locked out of -questions over the weekend, an= d I=20 > don't know if I got any replies. > ----------------- > I read somewhere that they were able to limit CVS pserver connections > to 4 a minute. > I would like to do something similar. > I currently have a firewall/nat box running 4.9-RELEASE-p1, using ipf. > The CVS server is behind the firewall/nat box running on 4.9-RELEASE-p1. >=20 > Thanks for any insight you may provide... If you're running CVS pserver out of inetd, which I believe is the usual practice, then you can limit the total number of simultaneous connections to a service or the maximum rate at which a service may be invoked: either of those can apply to connections from one specific IP address or to all connections. See inetd.conf(5), but the syntax you want is something like: cvspserver stream tcp nowait/0/4 root /usr/bin/cvs cvs = --allow-root=3D/your/cvsroot/here pserver Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --c3bfwLpm8qysLVxt Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (FreeBSD) iD8DBQFAQ5NbdtESqEQa7a0RAp2nAJ9pKhZhL80VeASIL/s8bGH79qo5RQCeIoYX dE+wCbEzizvz8+H0JCjWYUg= =tSHY -----END PGP SIGNATURE----- --c3bfwLpm8qysLVxt--