Add rate-limit for outgoing connections #6117
Comments
Related - libp2p/go-libp2p#1550
Could you write the whole command please? Anything happened here since 2019?
Here is the full workaround. I didn't initially paste it in full, because it is rather lengthy:
c=ipfs
# create the chain if it does not exist yet, then empty it
iptables -N $c 2>/dev/null
iptables -F $c
# limit outgoing connection attempts to not be counted as port-scanning by server-hoster
#iptables -A $c -d 10.0.0.0/8 -j ACCEPT
#iptables -A $c -d 192.168.0.0/16 -j ACCEPT
iptables -A $c -d $OWNIP -j ACCEPT
iptables -A $c -d 127.0.0.1 -j ACCEPT
# token bucket: 12 packets per minute, bucket size 1
iptables -A $c --match limit --limit 12/min --limit-burst 1 -j ACCEPT
iptables -A $c -j DROP
c=OUTPUT
# note: this flushes every rule already present in OUTPUT
iptables -F $c
# send outgoing TCP SYNs from source port 4001 owned by $UID through the ipfs chain
iptables -A $c -p tcp --syn --match owner --uid-owner $UID --sport 4001 -j ipfs
You need to adjust or drop the
I would rather like to have this feature, as my hosting provider is flagging my host as netscanning, because ipfs is establishing connections too quickly.
Version information:
ipfs version 0.4.19
Type:
One of
Description:
This is distinct from #2489 and #3320
ipfs is opening outgoing connections at such a rate that it repeatedly triggered the network scan detector of my hoster.
The cheap workaround for now uses
iptables -m limit --limit 12/min -p tcp --sport 4001 --syn ...
It would be much nicer if the ipfs daemon could be configured to limit itself.
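
A daemon-side counterpart to the iptables rule in this thread, using the same 12/min, burst 1 token bucket and loopback exemption (an added example, not go-ipfs or go-libp2p code). Unlike the firewall rule, which drops SYN packets after the fact, this check runs before a socket is opened. `DialLimiter`, `NewDialLimiter`, `Allow` and `Simulate` are hypothetical names, and 192.0.2.10 is a constructed TEST-NET address.

```go
package main

import (
	"net"
	"sync"
	"time"
)

// DialLimiter is a token bucket held as time credit: a dial costs one interval.
type DialLimiter struct {
	mu                    sync.Mutex
	interval, max, credit time.Duration
	last                  time.Time
}
func NewDialLimiter(every time.Duration, burst int, start time.Time) *DialLimiter {
	b := every * time.Duration(burst)
	return &DialLimiter{interval: every, max: b, credit: b, last: start}
}

// Allow reports whether a dial to addr may start at now. Loopback targets are
// exempt (like the 127.0.0.1 ACCEPT rule); others spend one interval of credit.
func (l *DialLimiter) Allow(addr string, now time.Time) bool {
	if ip := net.ParseIP(addr); ip != nil && ip.IsLoopback() {
		return true
	}
	l.mu.Lock()
	defer l.mu.Unlock()
	l.credit += now.Sub(l.last)
	if l.last = now; l.credit > l.max {
		l.credit = l.max
	}
	if l.credit < l.interval {
		return false // caller skips or queues this dial
	}
	l.credit -= l.interval
	return true
}

// Simulate offers n dials, spacing apart, at 12/min burst 1; returns how many go out.
func Simulate(n int, spacing time.Duration) (sent int) {
	l := NewDialLimiter(time.Minute/12, 1, time.Unix(0, 0))
	for i := 0; i < n; i++ {
		if l.Allow("192.0.2.10", time.Unix(0, 0).Add(time.Duration(i)*spacing)) {
			sent++ // a real caller would start the TCP dial here
		}
	}
	return sent
}
func main() { println(Simulate(20, time.Second)) }
```

With one dial offered per second, only the attempts at 0, 5, 10 and 15 seconds go out, which is the one-connection-per-5-seconds pacing the `--limit 12/min --limit-burst 1` rule enforces.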