Subj : Re: ACiD Underworld
To   : esc
From : deon
Date : Sat Oct 11 2025 11:04 am

  Re: Re: ACiD Underworld
  By: esc to deon on Fri Oct 10 2025 11:53 pm

Howdy,

 > > * You could put something like haproxy in front (which is what I do), with
 > haproxy you can use defa
 >
 > This is interesting. I'd love to see a writeup of this :)

So I'll mention there is 1 disadvantage (if the backend doesn't support the HAPROXY_PROTOCOL) - you'll lose the source IP address.

I added the HAPROXY_PROTOCOL to Synchronet, and did ask James to add it to Mystic (when I was using mystic moons ago - and I'm sure he didn't).

My config is essentially this;

    # TELNET
    frontend fe-sbbs-telnet
        bind :::23 v4v6
        default_backend be-sbbs-telnet
        maxconn 4

        # Track the backend state - and reject any attempts if it's down
        acl be-telnet-dead nbsrv(be-sbbs-telnet) lt 1
        tcp-request connection reject if be-telnet-dead

        # stick table definition for storing rates
        stick-table type ipv6 size 500k expire 30m store conn_cur,conn_rate(60s)

        ## Allow clean known IPs to bypass the filter
        tcp-request connection accept if { src -f /usr/local/etc/haproxy/config/whitelist.lst }

        # Only allow 1 connection per IP opened
        tcp-request connection reject if { src_conn_cur ge 1 }

        # Only allow 1 connection per 60s
        tcp-request connection reject if { src_conn_rate ge 1 }
        tcp-request connection track-sc1 src

    backend be-sbbs-telnet
        balance leastconn
        server alterant alterant:23 resolvers dns init-addr none send-proxy-v2

....лоеп

--- SBBSecho 3.29-Linux
 * Origin: I'm playing with ANSI+videotex - wanna play too? (21:2/116)
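
Added example (not part of deon's message, and not Synchronet's or HAProxy's own code): with send-proxy-v2 on the server line, the backend receives a binary PROXY protocol v2 header ahead of the telnet data, and this Python parser shows how a backend can recover the client address from it while refusing headers from anyone but the proxy. The function names, the trusted-proxy set and the sample addresses are assumptions made for the example.

```python
import ipaddress
import struct

SIG = b"\r\n\r\n\x00\r\nQUIT\n"   # fixed 12-byte PROXY v2 signature

def parse_proxy_v2(data, peer_ip, trusted_proxies):
    """Return ((src_ip, src_port), header_len); the first item is None
    when the header carries no client address (LOCAL, UNSPEC or UNIX).

    Raises ValueError on a malformed header or an untrusted sender.
    """
    # Only the proxy may assert a client address; anyone else could spoof it.
    if peer_ip not in trusted_proxies:
        raise ValueError("PROXY header from untrusted peer")
    if len(data) < 16 or data[:12] != SIG:
        raise ValueError("missing PROXY v2 signature")
    ver_cmd, fam_proto, length = struct.unpack("!BBH", data[12:16])
    if ver_cmd >> 4 != 2:
        raise ValueError("unsupported PROXY version")
    total = 16 + length               # payload (telnet data) starts here
    if len(data) < total:
        raise ValueError("truncated PROXY header")
    body = data[16:total]
    cmd, family = ver_cmd & 0x0F, fam_proto >> 4
    if cmd == 0:                      # LOCAL: proxy health check, no client
        return None, total
    if cmd != 1:
        raise ValueError("unknown PROXY command")
    alen = {1: 4, 2: 16}.get(family)  # AF_INET / AF_INET6 address sizes
    if alen is None:                  # UNSPEC or UNIX: no usable IP
        return None, total
    if length < 2 * alen + 4:
        raise ValueError("address block too short")
    src = ipaddress.ip_address(body[:alen])
    (src_port,) = struct.unpack("!H", body[2 * alen:2 * alen + 2])
    return (str(src), src_port), total

def build_sample(src, dst, sport, dport):
    """Constructed test input: a v2 PROXY/TCP header as a proxy would send it."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    fam = 0x11 if s.version == 4 else 0x21      # INET or INET6, STREAM
    body = s.packed + d.packed + struct.pack("!HH", sport, dport)
    return SIG + struct.pack("!BBH", 0x21, fam, len(body)) + body
```

The returned header length tells the backend where the real session data begins, so the header bytes are never passed on to the telnet handler.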