• Haproxy (was Avoiding Tel

    From deon@1:103/705 to Mike Powell on Thu Mar 14 08:57:10 2024
    Re: Haproxy (was Avoiding Tel
    By: Mike Powell to DEON on Wed Mar 13 2024 08:22 am

    Hey Mike,

    What haproxy settings are you using to "slow down" telnet and ssh traffic?

    This is how my haproxy is configured (in a frontend definition block):

    # Track the backend state - and reject any attempts if it's down
    acl be-telnet-dead nbsrv(be-sbbs-telnet) lt 1
    tcp-request connection reject if be-telnet-dead

    # stick table definition for storing rates
    stick-table type ipv6 size 500k expire 30m store conn_cur,conn_rate(60s)

    ## Allow clean known IPs to bypass the filter
    tcp-request connection accept if { src -f /usr/local/etc/haproxy/config/whitelist.lst }
    # Only allow 1 open connection per IP
    tcp-request connection reject if { src_conn_cur ge 1 }
    # Only allow 1 connection per 60s
    tcp-request connection reject if { src_conn_rate ge 1 }
    tcp-request connection track-sc1 src


    ...δεσ∩

    ---
    ■ Synchronet ■ AnsiTEX bringing back videotex but with ANSI
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
  • From Mike Powell@1:103/705 to DEON on Thu Mar 14 09:01:00 2024
    What haproxy settings are you using to "slow down" telnet and ssh traffic?

    This is how my haproxy is configured (in a frontend definition block):

    Nice, thanks for sharing! I was looking at the stick-tables. Most
    examples online referenced using it with http requests and I had yet to
    figure out if it would work with tcp-request. Looks like it does for you
    so I will try that out.


    * SLMR 2.1a * I'm easy to please ... as long as I get my way
    ---
    ■ Synchronet ■ CAPCITY2 * capcity2.synchro.net * Telnet/SSH:2022/Rlogin/HTTP
    * Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)
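
One way to confirm that the stick table from the frontend above is tracking plain TCP connections is to read it back over HAProxy's runtime API (`show table <frontend>` on the stats socket) and apply the same two reject conditions to each entry. This is an added example, not code from either poster; the frontend name `fe-telnet`, the addresses and the sample output are constructed, and it assumes a stats socket is enabled.

```python
import re

# Constructed sample of `show table fe-telnet` output (not captured from a
# real host). "fe-telnet" is a hypothetical frontend name. With a table of
# type ipv6, IPv4 sources are stored as IPv4-mapped addresses (::ffff:a.b.c.d).
SAMPLE = """\
# table: fe-telnet, type: ipv6, size:512000, used:3
0x55d0c8a1f2b0: key=::ffff:192.0.2.10 use=1 exp=1799412 conn_rate(60000)=1 conn_cur=1
0x55d0c8a1f3c0: key=::ffff:198.51.100.7 use=0 exp=1745003 conn_rate(60000)=1 conn_cur=0
0x55d0c8a1f4d0: key=2001:db8::25 use=0 exp=612770 conn_rate(60000)=0 conn_cur=0
"""

FIELD = re.compile(r"(\S+?)=(\S+)")  # name=value pairs on an entry line


def parse_show_table(text):
    """Return (table_info, entries) parsed from `show table` output."""
    info, entries = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# table:"):
            # Header: "# table: NAME, type: T, size:N, used:N"
            for part in line[1:].split(","):
                name, _, value = part.partition(":")
                info[name.strip()] = value.strip()
        elif line.startswith("0x"):
            # Entry: "<pointer>: key=... use=... exp=... <stored counters>"
            _, _, rest = line.partition(": ")
            entries.append(dict(FIELD.findall(rest)))
    return info, entries


def would_reject(entry):
    """Apply the frontend's two reject conditions to one table entry."""
    reasons = []
    if int(entry.get("conn_cur", 0)) >= 1:
        reasons.append("src_conn_cur ge 1")
    rate = next((int(v) for k, v in entry.items() if k.startswith("conn_rate(")), 0)
    if rate >= 1:
        reasons.append("src_conn_rate ge 1")
    return reasons


def blocked_sources(text):
    """Map each source whose next connection would be rejected to the reasons."""
    _, entries = parse_show_table(text)
    return {e["key"]: would_reject(e) for e in entries if would_reject(e)}


if __name__ == "__main__":
    for src, why in blocked_sources(SAMPLE).items():
        print(src, "->", ", ".join(why))
```

Because `accept` and `reject` end rule evaluation before `track-sc1` is reached, whitelisted sources and rejected attempts never update these counters.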