On 3/29/11 12:56 AM, N dhert wrote:
> I have shorewall-4.4.17.
> Recently I had some machine on the internet trying to fetch a large file
> (500 Mb) from our website and starting a huge number of connections to
> our webserver (almost a 100), which made the load of the machine very
> high and almost brought it down ..
> I read http://shorewall.net/Actions.html "Limiting Per-IP Connection
> Rate using the Limit Action"
> a line
> Limit:info:HTTPA,10,600 net serv tcp 80
> would limit any IP to maximum 10 httpd connections to my webserver
> during 10 minutes.
> Does this mean he can open an 11th, 12th ... to 20th connection after a
> 10 minutes wait after the 10th connection started and so on?
> This way, although slower, still a large number of connections could be
> started.
>
> Limit:info:HTTPA,10,86400 ...
> would be max 10 in 1 day (24 hours), is such a large number of seconds
> acceptable in shorewall?
>
> Or what would be the best way to limit the number of HTTP connections by
> a single IP address at any time?

There really is none. Limit is deprecated in favor of per-IP limiting in
the RATE LIMIT column of the rules file. And there is no mechanism in
Shorewall to limit the total number of connections.

Sorry
-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
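
An added illustration, not part of the original thread and not Shorewall code: a small simulation of a per-IP limit of "N new connections per window", as the question describes it, showing why such a limit does not bound how many connections one address holds open at once. The acceptance model (only accepted connections count toward the window) and the client timings are assumptions made for the example.

```python
from collections import deque


def simulate(limit, window, attempts, interval, hold):
    """Return (accepted, peak_concurrent) for a single source IP.

    Assumed model: a new connection is accepted when fewer than `limit`
    connections from this IP were accepted in the previous `window`
    seconds. The client tries a new connection every `interval` seconds,
    and every accepted connection stays open for `hold` seconds.
    """
    recent = deque()   # accept times still inside the window
    open_until = []    # close times of connections that are still open
    accepted = peak = 0
    for i in range(attempts):
        now = i * interval
        # Forget accepts that have aged out of the window.
        while recent and recent[0] <= now - window:
            recent.popleft()
        if len(recent) >= limit:
            continue   # over the rate limit: this attempt is refused
        recent.append(now)
        accepted += 1
        # Drop connections that have finished, then add the new one.
        open_until = [t for t in open_until if t > now]
        open_until.append(now + hold)
        peak = max(peak, len(open_until))
    return accepted, peak


if __name__ == "__main__":
    # Constructed scenarios: one attempt per second for one hour.
    cases = [
        ("10 per 600 s, hour-long download", (10, 600, 3600, 1, 3600)),
        ("10 per 86400 s, hour-long download", (10, 86400, 3600, 1, 3600)),
        ("10 per 600 s, 60 s requests", (10, 600, 3600, 1, 60)),
    ]
    for label, args in cases:
        accepted, peak = simulate(*args)
        print(f"{label}: accepted={accepted} peak_concurrent={peak}")
```

With long-lived connections the number held open keeps growing by the limit every window, while the 24-hour window caps it only by also refusing an address's further connections for the rest of the day.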
