Limit # of connections per IP using ipfw?
ccowart at rescomp.berkeley.edu
Wed Feb 13 18:14:58 UTC 2008
On Wed, Feb 13, 2008 at 09:23:31AM -0800, patrick wrote:
> Is there a way to limit the number of TCP connections from a
> particular IP at a given time using ipfw? We are running Cyrus IMAP on
> FreeBSD 6.2, and are sometimes subject to POP3 brute force login
> attacks. I'm not sure if it's Cyrus or the SASL SQL plugin, but these
> attacks grind the server to a halt (the load level goes up beyond 350!).
> The database against which authentication takes place is on a
> separate server, so I know it's not MySQL's fault. I'd like to be able
> to set a firewall rule to set a reasonable limit per IP for these
> sorts of connections. I know that pf can do it, and I'm in the process
> of figuring out how to migrate all of our stuff over to pf, but in the
> meantime, I'd like to try to do this with ipfw.
You can use limit rules. This should do the trick:
# ipfw add allow tcp from any to me pop3s limit src-addr 5
Check the ipfw man page section on limit for more info (though it's
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
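The limit rule quoted in the reply only caps port 995 (pop3s); the original complaint is about POP3 on 110. The script below is an added example, not code from the thread or from the FreeBSD project: it emits a small ipfw ruleset that applies `limit src-addr` to POP3, POP3S, IMAP and IMAPS together, can install it, and includes a helper that summarises `ipfw -d list` output by source address so the offending client is easy to spot. The rule numbers, the cap of 5, the port list, the function names and the sample dynamic-rule listing are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the original thread: an ipfw ruleset that caps
# the number of concurrent POP3/IMAP connections per client address with
# `limit src-addr`, plus a helper that reads `ipfw -d list` output and shows
# which source addresses hold the most dynamic state. Rule numbers, the cap
# of 5 and the port list are assumptions chosen for illustration.

MAX_PER_IP=5                 # concurrent TCP connections allowed per source IP
PORTS="110,995,143,993"      # pop3, pop3s, imap, imaps (assumed; trim to taste)

# Emit the rules instead of applying them, so they can be reviewed first.
# 100: consult existing dynamic state before any static rule.
# 200: match only SYN packets (`setup`); each match creates a dynamic rule,
#      and once a source address already holds MAX_PER_IP of them the
#      next SYN from it is dropped.
# 300: anything to these ports that is neither a new SYN nor part of
#      tracked state is denied.
pop3_limit_rules() {
    cat <<EOF
add 100 check-state
add 200 allow tcp from any to me $PORTS setup limit src-addr $MAX_PER_IP
add 300 deny tcp from any to me $PORTS
EOF
}

# Apply the rules with ipfw(8). Needs root and the ipfw kernel support.
apply_pop3_limit() {
    pop3_limit_rules | while read -r line; do
        # shellcheck disable=SC2086  # splitting into ipfw arguments is intended
        ipfw -q $line
    done
}

# Summarise dynamic state by source address. Reads `ipfw -d list` style text
# on stdin and prints "<count> <source-ip>" lines, busiest first. Only the
# "STATE tcp <src> <sport> <-> <dst> <dport>" shape is relied on, so the
# leading counters on each line do not matter.
top_sources_from_state() {
    awk '/STATE tcp/ {
            for (i = 1; i <= NF; i++)
                if ($i == "tcp") { print $(i + 1); break }
         }' | sort | uniq -c | sort -rn
}

# Constructed sample of `ipfw -d list` output (format approximated, not
# captured from a real FreeBSD 6.2 host): one client holds three states.
SAMPLE_DYN='00200 5 1600 (4s) LIMIT tcp 192.0.2.10 0 <-> 0.0.0.0 0
00200 1 320 (298s) STATE tcp 192.0.2.10 51234 <-> 10.0.0.1 110
00200 1 320 (297s) STATE tcp 192.0.2.10 51235 <-> 10.0.0.1 110
00200 1 320 (295s) STATE tcp 192.0.2.10 51236 <-> 10.0.0.1 110
00200 1 320 (12s) STATE tcp 198.51.100.7 40000 <-> 10.0.0.1 995'

case "${1:-print}" in
    apply)  apply_pop3_limit ;;                       # install the rules
    status) ipfw -d list | top_sources_from_state ;;  # live view on FreeBSD
    demo)   printf '%s\n' "$SAMPLE_DYN" | top_sources_from_state ;;
    *)      pop3_limit_rules ;;                       # default: just print
esac
```

Two caveats worth keeping in mind with `limit src-addr`: every dynamic rule counts against `net.inet.ip.fw.dyn_max` (watch `sysctl net.inet.ip.fw.dyn_count` during an attack), and clients behind a shared NAT address all draw from the same per-IP allowance, so a cap that stops a brute-forcer can also lock out a legitimate office. `ipfw -d list` shows the dynamic rules so the effect of the limit can be verified before trusting it in production.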