Contributed by mk/reverse on from the not-so-fast-buddy dept.
"Jona/BSD" notified us that Ryan Thomas McBride committed some additional features to our favourite packet filter which make it possible to limit both TCP connection count and connection establishment rate based on the source address.
Find the commit messages for the kernel part and the userland part on MARC. This looks really interesting, so do some testing. Remember to report all problems you might encounter, but try doing some debugging on your own first.
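A pf.conf fragment showing the kind of rule this feature enables, added here as an example and not taken from the story or the commits. It uses the option names documented in pf.conf(5) in released OpenBSD versions, which may differ from the syntax at the time of the initial commit; the interface, port and limits are assumptions chosen for illustration, and the table name `<bad>` follows the comments below.

```conf
# Assumed values for illustration: interface name, port and limits.
ext_if = "em0"

# Table that collects source addresses exceeding the limits below.
table <bad> persist

# Drop everything from sources already in the table.
block in quick on $ext_if from <bad>

# Allow SSH, but per source address permit at most 10 concurrent
# established TCP connections and 5 new connections per 30 seconds.
# A source exceeding either limit is added to <bad>; "flush global"
# also removes the states that source already holds.
pass in on $ext_if proto tcp from any to any port 22 flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <bad> flush global)
```

Addresses stay in the table until removed, so a periodic `pfctl -t bad -T expire 86400` is a common way to age out entries older than a day.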
By Anonymous Coward (24.102.88.31) on
I assume <bad> can be defined as "not <good>" too. Some of us prefer to use whitelisting.
By Michael Knudsen (217.157.199.114) on
> I assume <bad> can be defined as "not <good>" too. Some of us
> prefer to use whitelisting.
You're confusing things. <bad> (or whatever you choose) is the table to which violators' IP addresses are added. This is essentially a blacklisting approach.
By Sven (80.126.65.121) on
By Michael Knudsen (217.157.199.114) on
Whoops, I've updated the link in the story now. Thanks for pointing this out. I wrongfully assumed that the submitted link was to the first commit, i.e. the kernel part of the change.