Date: Tue, 3 May 2005 23:04:49 -0400
From: <bob@a1poweruser.com>
To: "Alex Teslik" <alex@acatysmoof.com>, <freebsd-questions@freebsd.org>
Subject: RE: dynamically limit ip connections to ports over time?
Message-ID: <MIEPLLIBMLEEABPDBIEGMEAKHEAA.bob@a1poweruser.com>
In-Reply-To: <20050504021412.M91151@acatysmoof.com>
ipfw has "limit src ip" option.

It's documented in the handbook's firewall section.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Alex Teslik
Sent: Tuesday, May 03, 2005 10:33 PM
To: freebsd-questions@freebsd.org
Subject: dynamically limit ip connections to ports over time?

Hi all,

I have been running a FreeBSD box for a few years. Over this time spammers and other unfriendlies have found my box and have been attacking at a slowly increasing rate. Every night the daily periodic scripts run and report to me the number of rejected mail hosts. Last week, one of the rejected mail hosts had the number of rejections listed at 3000. My hard drive has been getting louder and louder as it gets busier rejecting and logging all of these, and now I would like to do something about it... but I'm not sure what I can do. When the hard drive is at its busiest I see mail being virus and spam scanned at a dizzying rate (tail -f /var/log/maillog), hence the hard drive grinding.

What I would LIKE to do is allow any ip to connect to a port a specified number of times per minute. If they connect too many times, then I would like to freeze them out for a specified amount of time. This solution should be dynamic so that I don't need to constantly monitor the offending ip addresses.

Originally, I thought I would attach a sendmail milter to do this, since mail cannons are my main problem right now. I looked at:
http://www.milter.info/milter-limit/index.shtml
but it requires manually adding a rule for each ip. Then I considered grey-listing:
http://www.milter.info/milter-gris/index.shtml
but I don't want to reject messages and cause mail delivery delays on my system.

Finally, it occurred to me that the firewall would probably be a better solution and would have the nice side effect of limiting traffic to other ports as well.

To try to accomplish this I have been reading a lot of IPFilter rules via google and lists, but I haven't found any that seem able to do what I describe above - limit by ip over time. I'm sure this is not a unique problem - can someone point me in a helpful direction?

Many Thanks

P.S.- please cc my email address as I am not subscribed.
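The ipfw "limit" option Bob refers to, shown as an added example ruleset that is not part of this thread: it caps how many simultaneous SMTP sessions a single source address may hold, which is the closest stock ipfw primitive to what Alex asks for. It assumes FreeBSD ipfw(8); the port and per-source cap are constructed values, and the script only prints the rules so it is safe to run anywhere.

```shell
#!/bin/sh
# Added example (not from the thread): an ipfw ruleset using "limit src-addr".
# Assumes FreeBSD ipfw(8). SMTP_PORT and MAXCONN_PER_SRC are constructed values.
SMTP_PORT=25
MAXCONN_PER_SRC=10

# Emit the rules as text rather than calling ipfw directly. On a FreeBSD box,
# pipe the output into /bin/sh (as root) to load them.
smtp_limit_rules() {
    # Dynamic (stateful) rules must be consulted before the rules that create them.
    echo "ipfw -q add 100 check-state"
    # One dynamic rule per source address. Once a source already holds
    # MAXCONN_PER_SRC sessions, the next SYN from it is dropped by this rule
    # itself; it does not fall through to later rules.
    echo "ipfw -q add 200 allow tcp from any to me dst-port ${SMTP_PORT} setup limit src-addr ${MAXCONN_PER_SRC}"
    # Defensive catch-all so an SMTP SYN not admitted above is logged and denied.
    echo "ipfw -q add 300 deny log tcp from any to me dst-port ${SMTP_PORT} setup"
}

# Self-check helper: number of emitted rules that carry a per-source limit.
count_limit_rules() {
    smtp_limit_rules | grep -c 'limit src-addr'
}
```

Note that "limit" bounds concurrent sessions per source, not connections per minute, so a sender that opens and closes sessions quickly is slowed rather than frozen out; how long an idle dynamic rule (and thus its slot) lingers is governed by the net.inet.ip.fw.dyn_* sysctls.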