Hi all

I'm looking for a way to prevent connection DoSing of specific services. The goal is to count the connection rate per connecting IP and then reject those connections if they pass a certain limit.

It looks like OpenBSD's pf is the only packet filter (except some commercial firewalls) which has this ability.

The best I managed with iptables is to throttle the connection rate for a specific port, but this of course affects normal users trying to use that service and does not change the fact of the service being DoSed.

The other possibility I found is to write my own userspace QUEUE target connection rate tracker via the iptables API. But as I'm not a programmer, and I think this is a quite common request, I just wonder:

Hasn't somebody already written such a per-source connection rate limiter?

Is there a repository of different userspace QUEUE tools where I could find something similar?

Regards

-- 
Benoît Panizzon, <bp@xxxxxx>
------------------------------------------------------------------------
ImproWare AG, UNIXSP & ISP          Phone: +41 61 826 93 00
                                    Kabelinternet-Hotline: +41 61 826 93 07
Zurlindenstrasse 29                 Fax:   +41 61 826 93 01
CH-4133 Pratteln                    Net:   http://www.imp.ch/
------------------------------------------------------------------------
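The per-source tracking the post asks for, as an added example that is not part of the original message or any netfilter project code: a sliding-window limiter that counts connection attempts per source IP and rejects a source once it exceeds a limit, leaving other sources untouched. This is the core of what a userspace QUEUE/NFQUEUE helper would implement (the binding to the queue itself is left out because it needs root and a live netfilter); later iptables releases also ship an in-kernel equivalent, the hashlimit match with `--hashlimit-mode srcip`. All IP addresses, timestamps and the `SAMPLE_EVENTS` list are constructed for the demonstration; timestamps are passed in explicitly so the behaviour is deterministic, where a real handler would use `time.monotonic()`.

```python
"""Per-source connection-rate limiter of the kind a userspace NFQUEUE
helper would implement (added example, not code from the original post).

Each new-connection attempt (a TCP SYN, in practice) is attributed to
its source IP. A source that has more than `max_conns` attempts accepted
within any sliding `window` seconds has further attempts rejected, while
other sources are unaffected.
"""
from collections import deque


class PerSourceRateLimiter:
    def __init__(self, max_conns, window, max_tracked=100_000):
        if max_conns < 1 or window <= 0:
            raise ValueError("max_conns must be >= 1 and window > 0")
        self.max_conns = max_conns
        self.window = float(window)
        self.max_tracked = max_tracked
        # src_ip -> deque of timestamps of *accepted* attempts inside the window
        self._hits = {}

    def _prune(self, q, now):
        # Drop timestamps that have aged out of the sliding window.
        cutoff = now - self.window
        while q and q[0] <= cutoff:
            q.popleft()

    def allow(self, src_ip, now):
        """Return True to accept this connection attempt, False to reject."""
        q = self._hits.get(src_ip)
        if q is None:
            if len(self._hits) >= self.max_tracked:
                # Table full (e.g. a flood from many spoofed sources): evict
                # idle entries first; if still full, fail open and do not
                # track this source, so a flood cannot lock out every new
                # legitimate client. Failing closed is the other option.
                self.gc(now)
                if len(self._hits) >= self.max_tracked:
                    return True
            q = self._hits[src_ip] = deque()
        self._prune(q, now)
        if len(q) >= self.max_conns:
            return False  # over the limit: rejected attempts are not counted
        q.append(now)
        return True

    def gc(self, now):
        """Forget sources with no accepted attempt inside the window."""
        for ip in list(self._hits):
            self._prune(self._hits[ip], now)
            if not self._hits[ip]:
                del self._hits[ip]

    def tracked(self):
        """Number of source IPs currently held in the table."""
        return len(self._hits)


def process_events(events, max_conns, window):
    """Run a sequence of (timestamp, src_ip) attempts through the limiter
    and return [(timestamp, src_ip, 'ACCEPT' | 'REJECT'), ...]."""
    lim = PerSourceRateLimiter(max_conns, window)
    out = []
    for ts, ip in events:
        verdict = "ACCEPT" if lim.allow(ip, ts) else "REJECT"
        out.append((ts, ip, verdict))
    return out


# Constructed sample: one source hammers a service while another opens a
# single connection; timestamps are seconds since an arbitrary epoch.
SAMPLE_EVENTS = [
    (0.0, "198.51.100.7"),
    (0.5, "198.51.100.7"),
    (1.0, "198.51.100.7"),
    (1.5, "198.51.100.7"),   # 4th attempt within 10 s -> REJECT
    (2.0, "203.0.113.9"),    # unrelated source, unaffected -> ACCEPT
    (2.5, "198.51.100.7"),   # still over the limit -> REJECT
    (11.2, "198.51.100.7"),  # the 0.0..1.0 hits have aged out -> ACCEPT
]

if __name__ == "__main__":
    for ts, ip, verdict in process_events(SAMPLE_EVENTS, max_conns=3, window=10):
        print(f"{ts:5.1f}  {ip:15}  {verdict}")
```

In a queue handler the verdict from `allow()` would map directly onto accept/drop for the queued SYN. Two design points matter in practice: the per-source table is itself a resource an attacker can fill by spoofing many source addresses, which is why the table is bounded and idle entries are garbage-collected; and because rejected attempts are not counted, a flooding source is unblocked as soon as its accepted hits age out, so a deployment that wants a penalty period would count rejections too or raise the window.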