Date:      Tue, 3 May 2005 23:04:49 -0400
From:      <bob@a1poweruser.com>
To:        "Alex Teslik" <alex@acatysmoof.com>, <freebsd-questions@freebsd.org>
Subject:   RE: dynamically limit ip connections to ports over time?
Message-ID:  <MIEPLLIBMLEEABPDBIEGMEAKHEAA.bob@a1poweruser.com>
In-Reply-To: <20050504021412.M91151@acatysmoof.com>



ipfw has "limit src ip" option.
It's documented in the handbook's firewall section.


-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Alex Teslik
Sent: Tuesday, May 03, 2005 10:33 PM
To: freebsd-questions@freebsd.org
Subject: dynamically limit ip connections to ports over time?


Hi all,

    I have been running a FreeBSD box for a few years. Over this time spammers and other unfriendlies have found my box and have been attacking at a slowly increasing rate. Every night the daily periodic scripts run and report to me the number of rejected mail hosts. Last week, one of the rejected mail hosts had the number of rejections listed at 3000. My hard drive has been getting louder and louder as it gets busier rejecting and logging all of these and now I would like to do something about it... but I'm not sure what I can do. When the hard drive is at its busiest I see mail being virus and spam scanned at a dizzying rate (tail -f /var/log/maillog), hence the hard drive grinding.
    What I would LIKE to do is allow any ip to connect to a port for a specified number of times per minute. If they connect too many times then I would like to freeze them out for a specified amount of time. This solution should be dynamic so that I don't need to constantly monitor the offending ip addresses.
    Originally, I thought I would attach a sendmail milter to do this, since mail cannons are my main problem right now. I looked at:

    http://www.milter.info/milter-limit/index.shtml

    but it requires manually adding a rule for each ip.

    Then I considered grey-listing:

    http://www.milter.info/milter-gris/index.shtml

    but I don't want to reject messages and cause mail delivery delays on my system.

    Finally, it occurred to me that the firewall would probably be a better solution and would have the nice side effect of limiting traffic to other ports as well. To try to accomplish this I have been reading a lot of IPFilter rules via google and lists, but I haven't found any that seems that it can do what I describe above - limit by ip over time.
    I'm sure this is not a unique problem - can someone point me in a helpful direction?

Many Thanks

P.S.- please cc my email address as I am not subscribed.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
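The reply points at ipfw's `limit` option; in ipfw(8) the rule keyword is `limit src-addr N` (also `src-port`, `dst-addr`, `dst-port`) and it is a stateful option: the rule installs a dynamic rule per connection and refuses a new SYN from an address that already holds N dynamic rules, so it caps simultaneous connections per source address rather than connections per minute as the original question asks. Connections that have closed or gone idle drop out of the count when their dynamic rule expires (the `net.inet.ip.fw.dyn_*` lifetime sysctls), which is what makes it "dynamic" without anyone maintaining a block list. The following script is an added example written for this page, not code from either poster or from the FreeBSD handbook; the port, the per-address limit and the rule numbers are assumptions chosen for illustration, and the `IPFW_APPLY` preview switch is a convenience of this example, not an ipfw feature.

```shell
#!/bin/sh
# Added example (not from the list post): an ipfw ruleset that caps the number
# of simultaneous TCP connections each source address may hold to one port,
# using the "limit src-addr" dynamic-rule option the reply refers to.
# Port, limit and rule numbers below are assumptions for illustration.

MAIL_PORT=25        # assumed: SMTP, the service the original poster was worried about
PER_IP_LIMIT=5      # assumed: max simultaneous connections per source address
RULE_BASE=1000      # assumed: pick a free number range in your own ruleset

# Wrapper so the ruleset can be previewed before it touches the kernel:
# with IPFW_APPLY=1 the rules are installed, otherwise they are only printed.
fw() {
    if [ "${IPFW_APPLY:-0}" = "1" ]; then
        /sbin/ipfw -q add "$@"
    else
        printf 'ipfw add %s\n' "$*"
    fi
}

# Emit the rules. Order matters in ipfw: check-state must come before the
# "setup limit" rule so packets of already-accepted connections match their
# dynamic rule instead of being evaluated as new handshakes.
build_ruleset() {
    port=$1
    limit=$2
    base=$3
    fw "$base" check-state
    # A new SYN to the port is accepted only while this source address holds
    # fewer than $limit dynamic rules; the SYN that would exceed the limit is
    # dropped by this rule itself, so the address is throttled automatically.
    fw "$((base + 10))" allow tcp from any to me "$port" setup limit src-addr "$limit"
    # TCP segments to the port that belong to no tracked connection (no SYN,
    # no matching dynamic rule) are denied and logged; "log" needs
    # net.inet.ip.fw.verbose=1 to produce entries in the security log.
    fw "$((base + 20))" deny log tcp from any to me "$port"
}

build_ruleset "$MAIL_PORT" "$PER_IP_LIMIT" "$RULE_BASE"
```

Run it once without `IPFW_APPLY` to review the three rules it would add, then with `IPFW_APPLY=1` (as root) to install them; `ipfw -d show` lists the dynamic rules currently counted against each address. If the goal is specifically "N connections per minute, then freeze for T minutes", ipfw's `limit` is an approximation: a single host can still open connections one after another as long as it never holds more than N at once, and there is no separate freeze-out period beyond the dynamic rule lifetimes.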
