SSH login takes very long time...sometimes

Atanas atanas at asd.aplus.net
Thu Feb 16 18:09:42 PST 2006


Niki Denev said the following on 02/16/06 16:11:
> 
> I solved this for me with the following pf(4) rule :
> 
> pass in quick on $ext inet proto tcp from any to any port ssh flags S/SA \
>   keep state (source-track rule, max-src-conn $max_conn_per_ip, max-src-conn-rate $max_conn_rate, \
>   overload <tempban-ssh> flush global)
> 
> with appropriate $max_conn_per_ip and $max_conn_rate limits,
> and "expiretable" in a cronjob to flush all entries in the <tempban-ssh> table which
> are older than predefined period.
> 
> I hope this helps.
> 
Thanks for the tip! I knew that at some point I would have to switch to 
pf, but unfortunately it wasn't available in FreeBSD-4.x, and I still 
have plenty of such boxes.

Does anybody know whether ipfw (or something else within FreeBSD-4) is 
capable of setting connection rate limits?

Regards,
Atanas
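
The quoted rule only adds offending addresses to the table, so it needs a table declaration and a block rule around it to have any effect. The following pf.conf fragment is an added example, not part of either poster's message; the interface name, the limit values and the block rule are assumptions.

```conf
# Constructed values: adjust to the host.
ext             = "em0"    # external interface (assumed name)
max_conn_per_ip = "5"      # simultaneous SSH states allowed per source address
max_conn_rate   = "3/30"   # new connections / seconds allowed per source address

# Table filled by the overload action below; "persist" keeps it when empty.
table <tempban-ssh> persist

# Drop SSH from sources already in the table. This must come before the
# pass rule: both use "quick", so the first matching rule decides.
block in quick on $ext inet proto tcp from <tempban-ssh> to any port ssh

# The rule from the quoted message. A source that exceeds either limit is
# added to <tempban-ssh>, and "flush global" kills all of its existing states.
pass in quick on $ext inet proto tcp from any to any port ssh flags S/SA \
    keep state (source-track rule, max-src-conn $max_conn_per_ip, \
    max-src-conn-rate $max_conn_rate, overload <tempban-ssh> flush global)

# Entries stay in <tempban-ssh> until removed; the quoted message does that
# with "expiretable" run from cron.
```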


More information about the freebsd-stable mailing list