Date: Wed, 4 Dec 2002 08:01:47 +1000 (EST) From: jason andrade <jason@dstc.edu.au> To: Lukas Ertl <l.ertl@univie.ac.at> Cc: Joao Carlos Mendes Luis <jonny@jonny.eng.br>, <freebsd-hubs@FreeBSD.ORG> Subject: Re: Policy question for cvsup mirrors Message-ID: <Pine.GSO.4.44.0212040759100.6363-100000@sunburn.dstc.edu.au> In-Reply-To: <20021203161619.K29570-100000@pcle2.cc.univie.ac.at>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 3 Dec 2002, Lukas Ertl wrote: > On Tue, 3 Dec 2002, Joao Carlos Mendes Luis wrote: > > > ipfw add allow tcp from my-net/24 to any setup limit src-addr 10 > > ipfw add allow tcp from any to me setup limit src-addr 4 > > This sounds very interesting! Thanks for the hint... my $0.02 is to route them to the bitbucket. yes, this might be manual (though you could, with effort, automate this to scan logs and start add routes to localhost for hosts that do this). it depends on how much of an impact this is having. we have had a user trying to fetch 650M ISO images in 10Kbyte chunks. the "download accelerator" software they were using was so bad it was trying to open 65,000 connections to fetch 10K each. because the ftpd wouldn't allow this, it was opening and closing connections as fast as the machine could process this and was a horrible waste of resources for other users. regards, -jason To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hubs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.GSO.4.44.0212040759100.6363-100000>