Subject: Re: inetd and restrictions based on IP
To: Bernd Ernesti <netbsd@lists.veego.de>
From: Jachym Holecek <freza@dspfpga.com>
List: tech-misc
Date: 02/10/2007 18:51:27
# Bernd Ernesti 2007-02-10:
> On Sat, Feb 10, 2007 at 06:12:34PM +0100, Hubert Feyrer wrote:
> > On Sat, 10 Feb 2007, Jeremy C. Reed wrote:
> > >-C rate
> > >       Specify the default maximum number of times a service can be
> > >       invoked from a single IP address in one minute; the default is
> > >       unlimited.  May be overridden on a per-service basis with the
> > >       "max-connections-per-ip-per-minute" parameter.
> > 
> > From our inetd(8) manpage:
> [..]
> >      The optional ``max'' suffix (separated from ``wait'' or ``nowait'' by a
> >      dot or a colon) specifies the maximum number of server instances that
> >      may be spawned from inetd within an interval of 60 seconds.  When
> >      omitted, ``max'' defaults to 40.
> 
> Jeremy is proposing a limit for a single IP and not for all IPs.
> 
> I would like to see the changes integrated.

Maybe it would be better to have the feature in libwrap (if that's
sane & reasonably possible)?

	-- Jachym
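
The difference between the two limits quoted in this thread (the per-service ``max'' count shared by all clients, and the proposed per-IP count), shown as an added example; it is not code from the original message or from any inetd or libwrap source. The struct layout, the names service_admit, max_total and max_per_ip, the fixed-size table and the refuse-when-full behaviour are assumptions made for illustration.

```c
#include <stdint.h>
#include <time.h>

#define WINDOW_SECS 60   /* both limits in the thread are counted per 60 seconds */
#define MAX_TRACKED 256  /* constructed table size for this example */

struct ip_slot { uint32_t addr; time_t start; unsigned count; int used; };

struct service {
    unsigned max_total;   /* like the ``max'' suffix: all clients together */
    unsigned max_per_ip;  /* like the proposed per-IP rate; 0 means unlimited */
    time_t   start;       /* start of the current service-wide window */
    unsigned total;       /* connections admitted in that window */
    struct ip_slot ips[MAX_TRACKED];
};

/* Returns 1 if the connection may be served, 0 if it must be refused. */
int service_admit(struct service *s, uint32_t addr, time_t now)
{
    struct ip_slot *slot = NULL, *free_slot = NULL;

    if (now - s->start >= WINDOW_SECS) { s->start = now; s->total = 0; }

    for (int i = 0; i < MAX_TRACKED; i++) {
        struct ip_slot *p = &s->ips[i];
        if (p->used && now - p->start >= WINDOW_SECS)
            p->used = 0;                 /* expire stale per-IP windows */
        if (p->used && p->addr == addr)
            slot = p;
        else if (!p->used && free_slot == NULL)
            free_slot = p;
    }
    if (slot == NULL) {
        if (free_slot == NULL)
            return 0;                    /* table full: refuse (example's choice) */
        slot = free_slot;
        *slot = (struct ip_slot){ addr, now, 0, 1 };
    }
    /* Check the per-IP limit first so a refused client does not
     * consume the budget shared by every other client. */
    if (s->max_per_ip != 0 && slot->count >= s->max_per_ip)
        return 0;
    if (s->total >= s->max_total)
        return 0;
    slot->count++;
    s->total++;
    return 1;
}
```

With only the shared limit, one address can use up all 40 slots in a window and lock out everyone else; the per-IP check refuses that address early while other addresses are still admitted.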