Date: Tue, 6 Feb 2001 08:45:44 -0600
From: Lucas Bergman
To: Neil Blakey-Milner
Cc: freebsd-questions@freebsd.org
Subject: Re: Limiting connections w/ ftpd

> > > I've been recently getting flooded with connections via ftp, and
> > > I was wondering how to limit ftp connections per IP address to
> > > stop "connection floods" from a single host name. I can't find
> > > much documentation on the standard FreeBSD "ftpd" that explains
> > > how this would be done.
> >
> > ftpd doesn't know how many simultaneous connections are being
> > made, since each ftpd only handles one connection; inetd handles
> > the starting of multiple daemons. Stock inetd does not have a
> > facility for concurrency limits. You'll have to use /TCP
> > Wrappers/ or /ucspi-tcp/; they're both in ports. I've used
> > /ucspi-tcp/ with good results.
>
> While ucspi-tcp is often my preferred solution, you're wrong about
> FreeBSD's inetd; it can do concurrency and time-based limits. From
> the inetd man page:

You are, of course, correct. That will teach me to write answers
early in the morning.

What I /meant/ was that stock inetd does not have "good" control of
concurrency. In particular, it causes what many people, including
myself, consider unnecessary interruptions in popular services. That
was why I originally made the switch; I was tired of my services
hanging up for ten minutes at a time, for example, when I imposed a
limit.

I, too, dislike when people take their personal preferences and pass
them off as gospel truth. My careless sentence about inetd above did
just that. *Cringe*

Thanks,
Lucas