Limiting INN's NNRP connections per IP
Jeffrey M. Vinocur
jeff at litech.org
Mon Aug 26 18:09:20 UTC 2002
On Mon, 26 Aug 2002, Russ Allbery wrote:
> greg andruk <gja at meowing.net> writes:
>
> > man innd, and look at the -H and -X options.
>
> If someone has a chance, it would be cool to put those options into nnrpd
> -D as well.

Yeah, I looked at it once but decided it wasn't trivial enough to do at
the time.

> Although another good solution to this is to run nnrpd under some
> inetd-style server that can do rate limiting or limit the number of
> connections per IP address. tcpserver unfortunately can't do that; does
> anyone know if xinetd can?

Looks like xinetd can do both sorts of limiting (though I don't think you
can customize the ratelimit by IP address). From xinetd.conf(5):

    per_source   Takes an integer or "UNLIMITED" as an argument. This
                 specifies the maximum instances of this service per
                 source IP address. This can also be specified in the
                 defaults section.

    cps          Limits the rate of incoming connections. Takes two
                 arguments. The first argument is the number of
                 connections per second to handle. If the rate of
                 incoming connections is higher than this, the service
                 will be temporarily disabled. The second argument is
                 the number of seconds to wait before re-enabling the
                 service after it has been disabled.

--
Jeffrey M. Vinocur
jeff at litech.org
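
An xinetd service entry that applies the two options quoted above to nnrpd, added here as an example and not part of the original thread or of INN's own documentation. The nnrpd path, the "news" user and every numeric limit are assumptions to adapt locally, and the entry assumes innd is not itself listening on the NNTP port.

```conf
# Added example, not from the original message.
# Assumed: nnrpd install path, the "news" account, and all limit values.
service nntp
{
    socket_type     = stream
    protocol        = tcp
    wait            = no
    user            = news
    server          = /usr/local/news/bin/nnrpd

    # Ceiling on concurrent nnrpd processes across all clients.
    instances       = 50

    # At most 4 simultaneous connections from any one source IP address.
    per_source      = 4

    # Global, not per source IP: above 25 connections per second the
    # service is disabled for 30 seconds for every client.
    cps             = 25 30

    # Log the remote address when a connection cannot be served.
    log_on_failure  += HOST
}
```

Because cps applies to the service as a whole, a single client opening connections quickly enough can trip it for all readers, so per_source is the setting that actually bounds one address, and cps is best left loose enough that normal load never reaches it.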