Niki Denev said the following on 02/16/06 16:11:
I solved this for me with the following pf(4) rule:
pass in quick on $ext inet proto tcp from any to any port ssh flags S/SA \
    keep state (source-track rule, max-src-conn $max_conn_per_ip, \
    max-src-conn-rate $max_conn_rate, \
    overload <tempban-ssh> flush global)
with appropriate $max_conn_per_ip and $max_conn_rate limits,
and "expiretable" in a cronjob to flush all entries in the <tempban-ssh> table
which are older than a predefined period.
I hope this helps.
Thanks for the tip! I knew that at some point I would have to switch to
pf, but unfortunately it wasn't available in FreeBSD-4.x, and I still
have plenty of such boxes.
Does anybody know whether ipfw (or something else within FreeBSD-4) is
capable of setting connection rate limits?
Regards,
Atanas
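
The quoted pf(4) rule placed in the context it needs to take effect, as an added example that is not part of either poster's message: the macro values, the interface name, the table declaration, the block rule and the cron line (including the expiretable path and age) are assumptions chosen for illustration.

```pf
# pf.conf fragment. All values below are constructed; tune them per host.
ext             = "em0"     # external interface (assumed name)
max_conn_per_ip = "5"       # concurrent established SSH connections per source
max_conn_rate   = "3/30"    # new connections per source: 3 within 30 seconds

# The overload target must be declared; "persist" keeps the table when empty.
table <tempban-ssh> persist

# "overload" only adds the offending source to the table. A rule that
# matches the table has to drop the traffic, and it must come before the
# pass rule because both use "quick".
block in quick on $ext inet proto tcp from <tempban-ssh> to any port ssh

# Rule from the quoted message. "flush global" also kills every existing
# state created by the offending source, not just states from this rule.
pass in quick on $ext inet proto tcp from any to any port ssh flags S/SA \
    keep state (source-track rule, max-src-conn $max_conn_per_ip, \
    max-src-conn-rate $max_conn_rate, \
    overload <tempban-ssh> flush global)

# root crontab entry (not part of pf.conf): every 5 minutes, drop table
# entries older than one hour. Path and age are assumed; see expiretable(1).
# */5 * * * * /usr/local/sbin/expiretable -t 3600 tempban-ssh
```

The table contents can be checked with `pfctl -t tempban-ssh -T show`, which is useful for confirming that a legitimate address has not been caught by limits that are set too low.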
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable