PHREL is a per host rate limiter. It will track the rate of incoming traffic on a server and insert a chain into iptables when a configured threshold is crossed. The inserted chain may either rate limit or block the offending host for a period of time. The inserted chain is automatically removed when the offending host's traffic levels return to normal. PHREL is particularly well suited to protecting nameservers (DNS) from random hosts that flood requests, and to preventing SSH brute force login attempts.
|Tags||Internet DNS Monitoring Networking Firewalls Utilities|
|Operating Systems||POSIX Linux|
Release Notes: A compilation failure when NetSNMP was not available was fixed. A number of warnings were cleaned up.
Release Notes: This release fixes a segfault on startup related to specific server interfaces and a bug related to excluded CIDR prefix ranges.
Release Notes: Support for IPv6, support for setting the direction of packet monitoring, the ability to syncronize between instances of PHREL via a MySQL database, and a number of security related improvements.
Release Notes: Command line thresholds are no longer required if they are specified within the configuration file.
Release Notes: Several incorrect uses of memset() that prevented proper initialization of internal structures, causing seg faults on some systems were fixed. The MIB was updated with an enterprises number assigned by the Internet Assigned Numbers Authority (IANA). Promiscuous mode is now a configurable option, which is disabled by default. The max chain size was lowered to 28 characters and chain names were shortened due to length restrictions in Fedora Core 4. Configuration file support was added.