From owner-freebsd-questions@FreeBSD.ORG Wed May 4 03:05:02 2005
From: bob@a1poweruser.com
To: "Alex Teslik", freebsd-questions@freebsd.org
Date: Tue, 3 May 2005 23:04:49 -0400
In-Reply-To: <20050504021412.M91151@acatysmoof.com>
Subject: RE: dynamically limit ip connections to ports over time?
List-Id: User questions

ipfw has "limit src ip" option.

It's documented in the handbook's firewall section.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Alex Teslik
Sent: Tuesday, May 03, 2005 10:33 PM
To: freebsd-questions@freebsd.org
Subject: dynamically limit ip connections to ports over time?

Hi all,

I have been running a FreeBSD box for a few years. Over this time spammers and other unfriendlies have found my box and have been attacking at a slowly increasing rate. Every night the daily periodic scripts run and report to me the number of rejected mail hosts. Last week, one of the rejected mail hosts had the number of rejections listed at 3000. My hard drive has been getting louder and louder as it gets busier rejecting and logging all of these, and now I would like to do something about it... but I'm not sure what I can do. When the hard drive is at its busiest I see mail being virus and spam scanned at a dizzying rate (tail -f /var/log/maillog), hence the hard drive grinding.

What I would LIKE to do is allow any ip to connect to a port for a specified number of times per minute. If they connect too many times, then I would like to freeze them out for a specified amount of time. This solution should be dynamic so that I don't need to constantly monitor the offending ip addresses.

Originally, I thought I would attach a sendmail milter to do this, since mail cannons are my main problem right now. I looked at:

http://www.milter.info/milter-limit/index.shtml

but it requires manually adding a rule for each ip. Then I considered grey-listing:

http://www.milter.info/milter-gris/index.shtml

but I don't want to reject messages and cause mail delivery delays on my system.

Finally, it occurred to me that the firewall would probably be a better solution and would have the nice side effect of limiting traffic to other ports as well. To try to accomplish this I have been reading a lot of IPFilter rules via google and lists, but I haven't found any that seem able to do what I describe above - limit by ip over time.

I'm sure this is not a unique problem - can someone point me in a helpful direction?

Many Thanks

P.S.- please cc my email address as I am not subscribed.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
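The option the reply points to, shown here as an added example that was not posted in this thread: in ipfw rule syntax the keyword is written `limit src-addr N` on a rule that creates dynamic state, and it caps the number of open dynamic states (connections) one source address may hold at the same time. That bounds concurrency, and with it the scanning and logging load the original poster describes, but it is not a connections-per-minute counter and does not by itself freeze a host that connects one session after another; each state expires on its own ipfw lifetime timer. The interface name em0, the rule numbers, the per-source caps and the dry-run IPFW override are assumptions of this example, not values from the thread.

```sh
#!/bin/sh
# Added example, not from the mailing-list thread: an ipfw rule set that
# uses "limit src-addr" so that a single remote address can hold only a
# bounded number of simultaneous SMTP (and SSH) connections to this host.
#
# Assumptions (hypothetical): external interface em0, SMTP cap of 5 and
# SSH cap of 3 per source address, rule numbers chosen for this example.

EXT_IF="${EXT_IF:-em0}"      # assumed external interface
SMTP_LIMIT="${SMTP_LIMIT:-5}" # assumed per-source cap for port 25
SSH_LIMIT="${SSH_LIMIT:-3}"   # assumed per-source cap for port 22

# Emit the rule set on stdout so it can be reviewed before it is loaded.
# check-state must come first so packets matching existing dynamic
# states are accepted before the limit rules are evaluated again.
ipfw_rules() {
    cat <<EOF
add 100 check-state
add 200 allow tcp from any to me 25 in via $EXT_IF setup limit src-addr $SMTP_LIMIT
add 210 allow tcp from any to me 22 in via $EXT_IF setup limit src-addr $SSH_LIMIT
add 300 allow tcp from me to any out via $EXT_IF setup keep-state
add 65000 deny log ip from any to any
EOF
}

# Number of rules that carry a per-source concurrency cap.
count_limited() {
    ipfw_rules | grep -c 'limit src-addr'
}

# Load the rule set with the ipfw binary. Setting IPFW=echo gives a dry
# run that only prints the commands that would be executed.
apply_rules() {
    IPFW="${IPFW:-ipfw}"
    "$IPFW" -q -f flush
    ipfw_rules | while IFS= read -r rule; do
        # word splitting of $rule into ipfw arguments is intended
        "$IPFW" -q $rule
    done
}
```

Run `IPFW=echo sh rules.sh` style dry runs first; a sixth connection from the same address to port 25 is then dropped at the `setup` stage rather than reaching sendmail, while addresses that stay under the cap are unaffected. Raising the cap, or pairing this with the other ipfw dynamic-rule sysctls, is a tuning decision that depends on how many legitimate parallel SMTP sessions a single peer normally opens.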