Re: Denying connections
[Me!]
| Hi,
| I wasn't sure if this is more of a Linux question than an ircd
| Q, so I decided to take my chances... There is a domain that I want
| to deny access to all the ports that ircd runs on, the reason for
| this is simple, there is someone there that keeps sending clones to
| the server without delaying and the server gets slow when it has to
| deny that many clients so fast (I am upgrading the hw in a few days,
| so it might get better) and I would like to deny all connections
| from that host without ircd ever knowing that the connection attempt
| was made. Does anyone have an idea on how I can do this?

I have (with some success) used the firewalling code in the Linux
kernel to do just this. Check out the manual page for ipfwadm and
take a peek at the firewalling howto.

I have found it best just to drop packets from abusive sites rather
than reject (which results in an ECONNREFUSED) them so as to possibly
slow down the attack.

You might want to NOT log these failed connections if there are a lot
of them and if you have limited space for logs.

-Bjørn
--
Bjørn Borud <borud@xxxxxxxxxxx> | "The Net interprets censorship
<URL:http://www.pvv.unit.no/~borud/> | as damage and routes around it."
UNIX person, one of "them" | - John Gilmore
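
The approach described in the reply above, as an added example that is not part of the original message: a small shell helper that builds ipfwadm input-chain rules using the `deny` policy (silent drop) rather than `reject`, and omits `-o` so matches are not logged. The function names are hypothetical, and the source network 192.0.2.0/24 and port 6667 are constructed sample values.

```shell
#!/bin/sh
# Added example: build ipfwadm rules that drop TCP traffic from one source
# network to the ircd ports. 192.0.2.0/24 and 6667 are constructed samples.

# valid_port PORT: succeeds if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_rules POLICY SOURCE PORT...
# Prints one rule per port. POLICY is "deny" (drop silently) or "reject".
build_rules() {
    policy=$1; src=$2; shift 2
    case "$policy" in
        deny|reject) ;;
        *) echo "policy must be deny or reject" >&2; return 2 ;;
    esac
    case "$src" in
        ''|*[!0-9./]*) echo "bad source: $src" >&2; return 2 ;;
    esac
    [ "$#" -ge 1 ] || { echo "no ports given" >&2; return 2; }
    # Validate every port first so a bad one never yields a partial rule set.
    for port in "$@"; do
        valid_port "$port" || { echo "bad port: $port" >&2; return 2; }
    done
    for port in "$@"; do
        # -I input firewall, -a append with policy, -P protocol,
        # -S source, -D destination and port. No -o, so nothing is logged.
        echo "ipfwadm -I -a $policy -P tcp -S $src -D 0.0.0.0/0 $port"
    done
}

# apply_rules POLICY SOURCE PORT...
# Dry run by default; APPLY=1 (as root, on a host with ipfwadm) installs.
apply_rules() {
    rules=$(build_rules "$@") || return
    printf '%s\n' "$rules" | while read -r rule; do
        if [ "${APPLY:-0}" = 1 ]; then $rule; else echo "$rule"; fi
    done
}

apply_rules deny 192.0.2.0/24 6667
```
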