From owner-freebsd-hackers  Fri Jun 21  0: 0:23 2002
Delivered-To: freebsd-hackers@freebsd.org
Received: from snipe.mail.pas.earthlink.net (snipe.mail.pas.earthlink.net [207.217.120.62])
	by hub.freebsd.org (Postfix) with ESMTP
	id C3DFE37B42C; Thu, 20 Jun 2002 23:59:27 -0700 (PDT)
Received: from pool0087.cvx22-bradley.dialup.earthlink.net ([209.179.198.87] helo=mindspring.com)
	by snipe.mail.pas.earthlink.net with esmtp (Exim 3.33 #2)
	id 17LIOE-0004ed-00; Thu, 20 Jun 2002 23:59:27 -0700
Message-ID: <3D12CE82.C6761D96@mindspring.com>
Date: Thu, 20 Jun 2002 23:58:10 -0700
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony}  (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Luigi Rizzo <rizzo@icir.org>
Cc: Giorgos Keramidas <keramida@FreeBSD.ORG>, hackers@FreeBSD.ORG
Subject: Re: Limiting clients per source IP address (ftpd, inetd, etc.)
References: <20020621000924.GA2178@hades.hell.gr> <3D129CA8.EFADA4FF@mindspring.com> <20020620222032.A73450@iguana.icir.org>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-hackers.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-hackers>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-hackers>
X-Loop: FreeBSD.ORG

Luigi Rizzo wrote:
> On Thu, Jun 20, 2002 at 08:25:28PM -0700, Terry Lambert wrote:
> > Giorgos Keramidas wrote:
> > > I've been thinking for quite some time to add per-client-IP limiting
> > > to ftpd, and I had almost decided upon something like the following,
> ...
> > Someone just did something similar for inetd (per IP per port).
> >
> > The more I think about this, and the fact that there is code growing
> > to do basically the same thing in every program, the more I think
> > that the code to do this needs to be centralized.
> 
> in fact there is an ipfw rule which does just this:
> 
>         ipfw add allow ip from any to any limit src-addr 5
> 
> and here you go...

Can this be done per port?  THis is what both the FTP and the inetd
modification movements have been about...

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message