On 2014/10/21 17:35, Gerd Hoffmann wrote: > Hi, > >> Yes. But I think it is not a big problem, when the REJECT_TIME is over, >> the good guys can connect vnc successfully immediately. >> Or maybe we just lock those guys with "the same Source IP address" ? > > Better. Question is whenever we really want implement those schemes > within qemu or leave that to the firewall to handle (connlimit comes to > mind, see "man iptables-extensions"). >
Got it. > Doing it in qemu IMO only makes sense when using information the > firewall doesn't have. With sasl enabled we can slow down login > attempts *per user* for example. > OK. Thanks for your opinion. :) Best regards, -Gonglei
