Limit # of connections per IP using ipfw?

patrick gibblertron at gmail.com
Wed Feb 13 19:37:08 UTC 2008


Perfect, thanks!

On Feb 13, 2008 10:14 AM, Christopher Cowart
<ccowart at rescomp.berkeley.edu> wrote:
>
> On Wed, Feb 13, 2008 at 09:23:31AM -0800, patrick wrote:
> > Is there a way to limit the number of TCP connections from a
> > particular IP at a given time using ipfw? We are running Cyrus IMAP on
> > FreeBSD 6.2, and are sometimes subject to POP3 brute force login
> > attacks. I'm not sure if it's Cyrus or the SASL SQL plugin, but these
> > attacks grind the server to a halt (the load level goes up beyond 350!).
> > The database against which authentication takes place is on a
> > separate server, so I know it's not MySQL's fault. I'd like to be able
> > to set a firewall rule to set a reasonable limit per IP for these
> > sorts of connections. I know that pf can do it, and I'm in the process
> > of figuring out how to migrate all of our stuff over to pf, but in the
> > meantime, I'd like to try to do this with ipfw.
>
> You can use limit rules. This should do the trick:
>
> # ipfw add allow tcp from any to me pop3s limit src-addr 5
>
> Check the ipfw man page section on limit for more info (though it's
> pretty brief).
>
> --
> Chris Cowart
> Network Technical Lead
> Network & Infrastructure Services, RSSP-IT
> UC Berkeley
>
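To make the `limit src-addr 5` semantics concrete, here is a small Python model of how an ipfw limit rule behaves over a stream of TCP packets. This is an added illustration, not code from the thread or from ipfw itself: ipfw keeps a dynamic state entry per connection and counts the entries that share the key named in the rule (here the source address), allowing a new SYN only while that count is below N. The 300-second idle lifetime and the "deny on exceed" verdict are assumptions in this model; on a real system the state timers come from the net.inet.ip.fw.dyn_* sysctls, and the addresses and ports below are constructed sample data.

```python
"""Model of ipfw's `limit src-addr N` dynamic-rule behaviour (illustrative, not ipfw code)."""
from dataclasses import dataclass, field


@dataclass
class LimitRule:
    """One `allow tcp from any to me <port> limit src-addr N` rule, modelled in user space."""
    limit: int
    lifetime: float = 300.0  # assumed idle lifetime of a state entry, in seconds
    # active dynamic entries: (src, sport, dst, dport) -> timestamp of last packet
    states: dict = field(default_factory=dict)

    def _expire(self, now: float) -> None:
        """Drop state entries that have been idle longer than `lifetime`."""
        dead = [flow for flow, seen in self.states.items() if now - seen > self.lifetime]
        for flow in dead:
            del self.states[flow]

    def _count(self, src: str) -> int:
        """Number of live connections from this source address (the limit key)."""
        return sum(1 for flow in self.states if flow[0] == src)

    def packet(self, now: float, src: str, sport: int, dst: str, dport: int, flags: str) -> str:
        """Return the verdict for one TCP packet: 'allow', 'deny' or 'no-match'."""
        self._expire(now)
        flow = (src, sport, dst, dport)
        if flow in self.states:
            # Packet belongs to an established entry: refresh it, or tear it down on FIN/RST.
            if "F" in flags or "R" in flags:
                del self.states[flow]
            else:
                self.states[flow] = now
            return "allow"
        if "S" not in flags:
            # No state and not a connection attempt: this rule does not apply.
            return "no-match"
        if self._count(src) >= self.limit:
            # Limit reached for this source: in this model the SYN is dropped.
            return "deny"
        self.states[flow] = now
        return "allow"


SERVER = "198.51.100.2"  # constructed server address
POP3S = 995


def brute_force_scenario(limit: int = 5):
    """One source bursts 8 POP3S connections; a second source tries one. Constructed data."""
    rule = LimitRule(limit=limit)
    attacker = [rule.packet(i * 0.1, "203.0.113.7", 40000 + i, SERVER, POP3S, "S") for i in range(8)]
    legit = rule.packet(1.0, "192.0.2.10", 50000, SERVER, POP3S, "S")
    return attacker, legit


def close_frees_slot():
    """Closing a connection (FIN) releases its slot for the same source address."""
    rule = LimitRule(limit=2)
    out = [rule.packet(0.0, "203.0.113.7", 40001, SERVER, POP3S, "S"),
           rule.packet(0.1, "203.0.113.7", 40002, SERVER, POP3S, "S"),
           rule.packet(0.2, "203.0.113.7", 40003, SERVER, POP3S, "S"),   # over limit
           rule.packet(0.3, "203.0.113.7", 40001, SERVER, POP3S, "FA"),  # first one closes
           rule.packet(0.4, "203.0.113.7", 40004, SERVER, POP3S, "S")]   # slot is free again
    return out


def idle_expiry():
    """An idle entry ages out after `lifetime`, so the source can connect again."""
    rule = LimitRule(limit=1, lifetime=60.0)
    return [rule.packet(0.0, "203.0.113.7", 40001, SERVER, POP3S, "S"),
            rule.packet(10.0, "203.0.113.7", 40002, SERVER, POP3S, "S"),    # still at limit
            rule.packet(100.0, "203.0.113.7", 40003, SERVER, POP3S, "S")]  # first entry expired


if __name__ == "__main__":
    print("burst:", brute_force_scenario())
    print("close frees slot:", close_frees_slot())
    print("idle expiry:", idle_expiry())
```

Two practical points the model makes visible: the count is per source address, so a site full of users behind one NAT address shares a single budget of 5 and may be cut off by a rule tuned for individual clients, and a slot is only returned when the connection closes or its dynamic entry times out, so a client that abandons half-open connections keeps its slots until the timer fires.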

