Category: LINUX
2014-04-02 10:28:42
I looked it up online: per_source_limit from= is an xinetd mechanism:
per_source
Takes an integer or “UNLIMITED” as an argument. This specifies the maximum instances of this service per source IP address. This can also be specified in the defaults section.
instances
determines the number of servers that can be simultaneously active for a service (the default is no limit). The value of this attribute can be either a number or UNLIMITED which means that there is no limit.
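Changing the configuration as shown below fixed it, by adding per_source and instances:
cps = xxxx yyy
cps: when the number of connections within the same second reaches xxxx, the service under xinetd stops for yyy seconds, which effectively defends against DDoS attacks.
instances: the maximum number of simultaneous connections for a single service.
per_source: the maximum number of instances of the service allowed from a single IP address.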
service svn
{
    disable = no
    per_source = UNLIMITED
    instances = UNLIMITED
    port = 3690
    socket_type = stream
    protocol = tcp
    wait = no
    user = root
    server = /usr/bin/svnserve
    # server_args = -i -r /var/svn-repos
    server_args = --log-file /var/log/svn.log -i -r /var/svn-repos
}
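The stanza above removes both per-service caps and sets no cps value, so none of the three limits described earlier is bounding connections in it. The following check is an added example, not part of the original post: it parses xinetd service blocks and reports which of cps, instances and per_source are unset or UNLIMITED, and whether the service runs as root. The function names are hypothetical, the sample is a shortened copy of the stanza on this page, and the check reads only the service block itself, not the defaults section.

```python
# Constructed sample: a shortened copy of the svn stanza from this page.
# parse_services() and audit() are hypothetical helper names.
SAMPLE = """\
service svn
{
    per_source = UNLIMITED
    instances = UNLIMITED
    user = root
    # server_args = -i -r /var/svn-repos
    server = /usr/bin/svnserve
}
"""

def parse_services(text):
    """Return {service name: {attribute: value}} for every service block."""
    services, name, inside = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank line or comment
            continue
        if not inside and line.startswith(("service ", "service\t")):
            name = line.split()[1]
            services[name] = {}
        elif line == "{":
            inside = True
        elif line == "}":
            inside, name = False, None
        elif inside and name is not None and "=" in line:
            key, value = line.split("=", 1)
            services[name][key.strip()] = value.strip()
    return services

def audit(attrs):
    """List (attribute, issue) pairs for settings that cap nothing."""
    findings = []
    for limit in ("instances", "per_source"):
        value = attrs.get(limit, "unset").lower()
        if value in ("unset", "unlimited"):
            findings.append((limit, value))
    cps = attrs.get("cps", "").split()            # expected: "<rate> <seconds>"
    if len(cps) != 2 or not all(part.isdigit() for part in cps):
        findings.append(("cps", "malformed" if cps else "unset"))
    if attrs.get("user") == "root":
        findings.append(("user", "root"))
    return findings

if __name__ == "__main__":
    for service, attrs in parse_services(SAMPLE).items():
        print(service, audit(attrs))
```

A stanza with finite values for all three limits and a non-root user returns an empty list.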