Limiting INN's NNRP connections per IP

Russ Allbery rra at stanford.edu
Mon Aug 26 19:15:24 UTC 2002


Jeffrey M Vinocur <jeff at litech.org> writes:

> Looks like xinetd can do both sorts of limiting (though I don't think
> you can customize the ratelimit by IP address).  From xinetd.conf(5):

>        per_source       Takes  an  integer  or  "UNLIMITED" as an
>                         argument.   This  specifies  the  maximum
>                         instances  of  this service per source IP
>                         address.  This can also be  specified  in
>                         the defaults section.

>        cps              Limits  the rate of incoming connections.
>                         Takes two arguments.  The first  argument
>                         is  the  number of connections per second
>                         to handle.  If the rate of incoming  con-
>                         nections is higher than this, the service
>                         will be temporarily disabled.  The second
>                         argument is the number of seconds to wait
>                         before re-enabling the service  after  it
>                         has been disabled.

Sounds like maybe we should just recommend that people with this need run
nnrpd from under xinetd.  (Is it portable to operating systems other than
Linux?)

-- 
Russ Allbery (rra at stanford.edu)             <http://www.eyrie.org/~eagle/>

    Please send questions to the list rather than mailing me directly.
     <http://www.eyrie.org/~eagle/faqs/questions.html> explains why.


More information about the inn-workers mailing list