Re: Limit # of connections per IP using ipfw?
Perfect, thanks! On Feb 13, 2008 10:14 AM, Christopher Cowart <[EMAIL PROTECTED]> wrote: > > On Wed, Feb 13, 2008 at 09:23:31AM -0800, patrick wrote: > > Is there a way to limit the number of TCP connections from a > > particular IP at a given time using ipfw? We are running Cyrus IMAP on > > FreeBSD 6.2, and are sometimes subject to POP3 brute force login > > attacks. I'm not sure if it's Cyrus or the SASL SQL plugin, but these > > attacks grind the server to halt (the load level goes up beyond 350!). > > The database against which authentication takes places is on a > > separate server, so I know it's not MySQL's fault. I'd like to be able > > to set a firewall rule to set a reasonable limit per IP for these > > sorts of connections. I know that pf can do it, and I'm in the process > > of figuring out how to migrate all of our stuff over to pf, but in the > > meantime, I'd like to try to do this with ipfw. > > You can use limit rules. This should do the trick: > > # ipfw add allow tcp from any to me pop3s limit src-addr 5 > > Check the ipfw man page section on limit for more info (though it's > pretty brief). > > -- > Chris Cowart > Network Technical Lead > Network & Infrastructure Services, RSSP-IT > UC Berkeley > ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Limit # of connections per IP using ipfw?
On Wed, Feb 13, 2008 at 09:23:31AM -0800, patrick wrote: > Is there a way to limit the number of TCP connections from a > particular IP at a given time using ipfw? We are running Cyrus IMAP on > FreeBSD 6.2, and are sometimes subject to POP3 brute force login > attacks. I'm not sure if it's Cyrus or the SASL SQL plugin, but these > attacks grind the server to halt (the load level goes up beyond 350!). > The database against which authentication takes places is on a > separate server, so I know it's not MySQL's fault. I'd like to be able > to set a firewall rule to set a reasonable limit per IP for these > sorts of connections. I know that pf can do it, and I'm in the process > of figuring out how to migrate all of our stuff over to pf, but in the > meantime, I'd like to try to do this with ipfw. You can use limit rules. This should do the trick: # ipfw add allow tcp from any to me pop3s limit src-addr 5 Check the ipfw man page section on limit for more info (though it's pretty brief). -- Chris Cowart Network Technical Lead Network & Infrastructure Services, RSSP-IT UC Berkeley pgpQqf8woDCZ5.pgp Description: PGP signature
Limit # of connections per IP using ipfw?
Is there a way to limit the number of TCP connections from a particular IP at a given time using ipfw? We are running Cyrus IMAP on FreeBSD 6.2, and are sometimes subject to POP3 brute force login attacks. I'm not sure if it's Cyrus or the SASL SQL plugin, but these attacks grind the server to halt (the load level goes up beyond 350!). The database against which authentication takes places is on a separate server, so I know it's not MySQL's fault. I'd like to be able to set a firewall rule to set a reasonable limit per IP for these sorts of connections. I know that pf can do it, and I'm in the process of figuring out how to migrate all of our stuff over to pf, but in the meantime, I'd like to try to do this with ipfw. Thanks, Patrick ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"