NetBSD-Bugs archive


Re: misc/18947 (ftpd lacks a per host limit of simultaneous connections)



The following reply was made to PR misc/18947; it has been noted by GNATS.

From: Elad Efrat <elad%NetBSD.org@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: 
Subject: Re: misc/18947 (ftpd lacks a per host limit of simultaneous 
connections)
Date: Mon, 15 Mar 2010 00:44:55 -0400

 David Holland wrote:
 > The following reply was made to PR misc/18947; it has been noted by GNATS.
 > 
 > From: David Holland <dholland-bugs%netbsd.org@localhost>
 > To: gnats-bugs%NetBSD.org@localhost
 > Cc: 
 > Subject: Re: misc/18947 (ftpd lacks a per host limit of simultaneous
 >      connections)
 > Date: Mon, 15 Mar 2010 04:05:19 +0000
 > 
 >  On Sun, Mar 14, 2010 at 10:10:09PM +0000, Elad Efrat wrote:
 >   >  Lacking such a mechanism, however, here's the cleanest way to "fix" such
 >   >  problems:
 >   >  
 >   >          http://www.openbsd.org/faq/pf/filter.html
 >   >  
 >   >  (See, e.g., "Stateful Tracking Options.")
 >   >  
 >   >  This PR should be closed.
 >  
 >  I don't think that's the right long-term answer.
 >  
 >  inetd already has connection rate limiting; why shouldn't it get a bit
 >  smarter?
 
 Using inetd to do it falls in the same category as using pf to do it (as
 both lack application context, e.g. username), only that it's much
 worse, of course, as it requires someone -- whom I suspect isn't going
 to be you -- to write code that already exists and is actively
 maintained elsewhere.
 
 -e.
 

