Limiting INN's NNRP connections per IP

Jeffrey M. Vinocur jeff at
Mon Aug 26 18:09:20 UTC 2002

On Mon, 26 Aug 2002, Russ Allbery wrote:

> greg andruk <gja at> writes:
> > man innd, and look at the -H and -X options.
> If someone has a chance, it would be cool to put those options into nnrpd
> -D as well.

Yeah, I looked at it once but decided it wasn't trivial enough to do at 
the time.

> Although another good solution to this is to run nnrpd under some
> inetd-style server that can do rate limiting or limit the number of
> connections per IP address.  tcpserver unfortunately can't do that; does
> anyone know if xinetd can?

Looks like xinetd can do both sorts of limiting (though I don't think you
can customize the ratelimit by IP address).  From xinetd.conf(5):

       per_source       Takes  an  integer  or  "UNLIMITED" as an
                        argument.   This  specifies  the  maximum
                        instances  of  this service per source IP
                        address.  This can also be  specified  in
                        the defaults section.

       cps              Limits  the rate of incoming connections.
                        Takes two arguments.  The first  argument
                        is  the  number of connections per second
                        to handle.  If the rate of incoming  con-
                        nections is higher than this, the service
                        will be temporarily disabled.  The second
                        argument is the number of seconds to wait
                        before re-enabling the service  after  it
                        has been disabled.

Jeffrey M. Vinocur
jeff at

More information about the inn-workers mailing list