Changing firewall to include rate limits

I’ll admit that I don’t have a ton of IPTables knowledge, but I didn’t notice any rate limits on the inbound SMTP, POP, IMAP, and HTTPS connections… I am used to seeing something like this:

-A INPUT -p tcp -m tcp --dport 993 -m state --state NEW -m recent --set --name imapssl --rsource
-A INPUT -p tcp -m tcp --dport 993 -m state --state NEW -m recent --update --seconds 10 --hitcount 20 --name imapssl --rsource -j LOG_AND_DROP
-A INPUT -p tcp -m tcp --dport 993 -j ACCEPT

Are there rate limits already in the rules and I am just missing them?
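An added simulation (not part of the thread or of Mail-in-a-Box) of how the three `recent` rules quoted above decide per source address; it assumes the kernel's default `ip_pkt_list_tot` of 20 remembered timestamps per source and that `--update` only records the packet when it matches.

```python
"""Model of the iptables `recent` match in the quoted rules:
--set, then --update --seconds 10 --hitcount 20 -j LOG_AND_DROP, then ACCEPT.
Constructed for understanding the semantics; it is not the kernel code."""
from collections import defaultdict, deque

WINDOW_SECONDS = 10    # --seconds 10
HITCOUNT = 20          # --hitcount 20 (may not exceed ip_pkt_list_tot)
IP_PKT_LIST_TOT = 20   # assumed kernel default: timestamps kept per source


class RecentList:
    """One xt_recent list (e.g. --name imapssl --rsource), keyed by source IP."""

    def __init__(self):
        self.stamps = defaultdict(lambda: deque(maxlen=IP_PKT_LIST_TOT))

    def set(self, src, now):
        # --set always records the current packet for this source.
        self.stamps[src].append(now)

    def update(self, src, now):
        # --update --seconds N --hitcount M matches when the source already has
        # at least M recorded packets within the last N seconds; on a match it
        # also records the current packet, which keeps a busy source blocked.
        if src not in self.stamps:
            return False
        hits = sum(1 for t in self.stamps[src] if now - t <= WINDOW_SECONDS)
        if hits >= HITCOUNT:
            self.stamps[src].append(now)
            return True
        return False


def simulate(attempts):
    """Run NEW connections (time_in_seconds, src_ip) through the three rules
    and return each verdict: 'ACCEPT' or 'LOG_AND_DROP'."""
    table = RecentList()
    verdicts = []
    for now, src in attempts:
        table.set(src, now)            # rule 1: --set, no verdict, fall through
        if table.update(src, now):     # rule 2: --update ... -j LOG_AND_DROP
            verdicts.append("LOG_AND_DROP")
        else:
            verdicts.append("ACCEPT")  # rule 3: -j ACCEPT
    return verdicts


if __name__ == "__main__":
    # Constructed sample: one client opens 21 IMAPS connections in two seconds,
    # an unrelated client connects once, the first client returns after 10 s.
    burst = [(0.1 * i, "192.0.2.10") for i in range(21)]
    attempts = burst + [(1.0, "198.51.100.7"), (15.0, "192.0.2.10")]
    for (t, src), verdict in zip(attempts, simulate(attempts)):
        print(f"t={t:5.1f}s {src:<15} {verdict}")
```

With these values the 20th new connection from one source inside a 10 s window is the first one dropped, other sources are unaffected, and the source is accepted again once its recorded packets age out of the window.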

No one has suggested that before. We have (and are extending) rate limiting on failed logins, resulting in IP blocks. But not rate limiting for connections in general (that don’t result in failed logins). Definitely worth considering adding.

(Also see https://github.com/mail-in-a-box/mailinabox/blob/master/setup/system.sh#L292.)

Sent you a pull request for changes to the setup files that will implement limited inbound connections…
