Subject: Re: FTPD: disallowing concurrent connections from same IP
To: Perry E. Metzger <perry@piermont.com>
From: John Maier <jmaier@midamerica.net>
List: netbsd-users
Date: 02/19/2003 09:34:09
> You can specify a class as "anonymous@host allow myclass" in your
> ftpusers and then restrict "myclass" I believe.

but it all comes back to the ftpd.conf, and the only limiting features that
ftpd *currently* has are:

rateget <class> <datarate>
limit <class> <number of simultaneous connections>

If you want to keep people from logging in from the same IP to the FTP
service, you have no way to stop this.

The *best* alternative suggestion I have had, so far, is to limit the
amount of total bandwidth for FTP connections to a fixed amount, i.e.
1.5Mbits/sec (T1).

As netbsd99@sudog.com so eloquently stated:
> Just limit the overall bandwidth and let the users fight amongst
> themselves.
> Don't limit the total number of connections--put the bandwidth to what you
> can sustain and let them learn a bit more about what a tragedy of the
> commons means.

1) I could use some sort of complex router, CSU/DSU, 2 NICs, etc. to
accomplish this, but that's not feasible.
2) I could use ALTQ and limit the bandwidth for FTP from the kernel, which
seems an awesome solution.  However, it seems that ALTQ support and
implementation are spotty in NetBSD.  More so, in my case ALTQ doesn't seem
to work either for the Alpha 1.6 port or at least with the le0 Alpha
Ethernet adapter.

With ALTQ one could allocate 15% of total bandwidth to FTP services (of
10 Mbit, approximately 1.5 Mbit/sec), and I can run my Xwin, sendmail, pop3,
DNS, etc. in the rest (85%) of the bandwidth and even 'borrow' from the FTP
15% when FTP is 'quiet'.

ALTQ is technically a great concept!

jam
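For reference, here is what the per-class mechanism discussed above (a class assigned in ftpusers, then capped with "limit" and "rateget" in ftpd.conf) looks like written out. This is an added example, not configuration from the poster or from the NetBSD tree; the class names, the 192.0.2.0/24 network glob, the limit counts and the byte rates are all made up for illustration, and the lines should be checked against ftpusers(5) and ftpd.conf(5) on the system in question.

```conf
# /etc/ftpusers  (NetBSD ftpd; example, not from the original post)
# Format: userglob[@hostglob] [allow|deny] [class]   -- first match wins.
# The hostglob is matched against the client; 192.0.2.* is an assumed
# local network used only to show a per-network class.  A class is keyed
# on the matching line, not on the individual client address, so two
# logins from the same host still land in the same shared class.
anonymous@192.0.2.*    allow   localanon
ftp@192.0.2.*          allow   localanon
anonymous              allow   guest
ftp                    allow   guest
root                   deny
*                      allow

# /etc/ftpd.conf  (example, not from the original post)
# A class named in ftpusers that is not one of guest/chroot/real needs its
# type declared (assumption: check classtype in ftpd.conf(5)).
classtype localanon GUEST

# limit <class> <count> [file]: cap on simultaneous sessions in the class,
# summed over every client, with an optional message shown when refused.
limit    localanon   5    /etc/ftpd.limit.localanon
limit    guest       20   /etc/ftpd.limit.guest

# rateget <class> <rate>: RETR throttle per session, in bytes per second;
# 187500 is roughly the 1.5 Mbit/s T1 figure from the thread, 0 = no limit.
rateget  localanon   0
rateget  guest       187500
```

The caveat the thread is circling around is visible here: "limit" counts sessions per class and "rateget" throttles per session, so 20 guest sessions from one address are indistinguishable from 20 sessions from 20 addresses, and neither directive gives a per-source-IP ceiling.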
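The 15%/85% CBQ split with borrowing that the post describes, as an added example in the altq.conf format read by altqd (this is not configuration from the poster, and nothing here works around the le0/Alpha problem the post reports). Assumed: the interface is le0 at 10 Mbit as in the post, the kernel has "options ALTQ" and "options ALTQ_CBQ", and only the control port and active-mode data port are classified.

```conf
# /etc/altq.conf  (example, not from the original post)
# ALTQ shapes outbound traffic only, which is the direction FTP downloads
# from this server flow in.  Interface and link rate are from the post.
interface le0 bandwidth 10M cbq

# Root of the CBQ tree: the whole link.
class cbq le0 root_class NULL priority 0 pbandwidth 100

# Everything else (X, sendmail, pop3, DNS, ...): 85% guaranteed, and
# "borrow" lets it use the FTP share whenever FTP is quiet.
class cbq le0 def_class root_class borrow pbandwidth 85 default

# FTP: 15% of 10 Mbit, about 1.5 Mbit/s.  No "borrow" keyword, so this
# class is a hard cap rather than a guaranteed minimum.
class cbq le0 ftp_class root_class pbandwidth 15

# filter <if> <class> <dst_addr> <dst_port> <src_addr> <src_port> <proto>
# 0 is a wildcard, 6 is TCP.  Packets leaving le0 from source port 21
# (control) and 20 (active-mode data) are queued in ftp_class.
filter le0 ftp_class 0 0 0 21 6
filter le0 ftp_class 0 0 0 20 6
```

Passive-mode data connections come from whatever ports ftpd hands out (the "portrange" directive in ftpd.conf narrows that), and a filter line here names a single port, so as written only the control connection and active-mode transfers are shaped; to cover passive transfers the assumption is one filter line per port of a deliberately small portrange.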