Date:      Mon, 11 Nov 1996 19:38:25 +1100 (EDT)
From:      Darren Reed <avalon@coombs.anu.edu.au>
To:        smpatel@umiacs.umd.edu (Sujal Patel)
Cc:        hackers@freebsd.org
Subject:   Re: Inetd mod.. comments?
Message-ID:  <199611110838.AAA29709@freefall.freebsd.org>
In-Reply-To: <Pine.OSF.3.91.961110023741.11227A-100000@mickey.umiacs.umd.edu> from "Sujal Patel" at Nov 10, 96 02:39:13 am

In some mail from Sujal Patel, sie said:
> 
> On Sun, 10 Nov 1996, Darren Reed wrote:
> 
> > > 3 - Limit the number of concurrent TCP connections to a port.
> > > 4 - Limit the number of concurrent TCP connections from a host/domain.
> > 
> > These are more properly enforced by whatever it is that is managing those
> > connections (ie inetd).
> 
> I don't agree with this because hacking inetd can only get you so far.  
> There are many services such as ssh, sendmail, and http that don't 
> generally get launched from inetd.  I'd hate to hack a half dozen user 
> apps when a simple kernel level solution exists.  Besides, other firewall 
> products do it, why can't our ipfw?

Which other firewall products and where do they implement it?

The "where" is important, here, because firewall vendors are providing a
complete suite of programs to sit in on behalf of sendmail, etc, so it is
more likely they can do things "correctly".

Darren
