val InetSocketAddress.socketHost: String get() {
      // The InetSocketAddress was specified with a string (either a numeric IP or a host name). If
      // it is a name, all IPs for that name should be tried. If it is an IP address, only that IP
      // address should be tried.
      val address = address ?: return hostName

            IpAttempts ip = entry.getValue();
            return !ip.isBlocked() && ip.getLastAttempt().plus(cleanupInterval).isBefore(now);
        });

        log.debug("Cleaned up rate limiter entries. Accounts: {}, IPs: {}", accountAttempts.size(), ipAttempts.size());
    }

    /**
     * Manually unlock an account
     *
     * @param username the username to unlock

    @Test
    public void testDifferentIpsIndependent() throws Exception {
        // Different IPs should have independent limits
        for (int i = 1; i <= 3; i++) {
            assertTrue(rateLimiter.checkAttempt("user1", "192.168.1." + i));
            rateLimiter.recordFailure("user1", "192.168.1." + i);
        }

        // All different IPs should still be allowed
        for (int i = 1; i <= 3; i++) {

- The `CloudDualStackNodeIPs` feature is now `beta`, meaning that when using
  an external cloud provider that has been updated to support the feature,
  you can pass comma-separated dual-stack `--node-ips` to `kubelet` and have
  the cloud provider take both IPs into account. ([#120275](https://github.com/kubernetes/kubernetes/pull/120275), [@danwinship](https://github.com/danwinship))

- Kube-proxy, when using a Service with External or LoadBalancer IPs on UDP services , was consuming a large amount of CPU because it was not filtering by the Service destination port and trying to delete all the UDP entries associated to the service. ([#130505](https://github.com/kubernetes/kubernetes/pull/130505),...

- Kubelet should now more reliably report the same primary node IP even if the set of node IPs reported by the CloudProvider changes. ([#79391](https://github.com/kubernetes/kubernetes/pull/79391), [@danwinship](https://github.com/danwinship))

- Added the latest GCE pinhole firewall feature, which introduces `destination-ranges` in the ingress `firewall-rules`. It restricts access to the backend IPs by allowing traffic through `ILB` or `NetLB` only. This change does **NOT** change the existing `ILB` or `NetLB` behavior. ([#109510](https://github.com/kubernetes/kubernetes/pull/109510), [@sugangli](https://github.com/sugangli))

* Fixed bug in AWS provider to handle multiple IPs when using more than 1 network interface per ec2 instance. ([#50112](https://github.com/kubernetes/kubernetes/pull/50112), [@jlz27](https://github.com/jlz27))

Distributions or administrators of Kubernetes may want to control that new Service CIDRs added to the cluster do not overlap with other networks on the cluster, that only belong to a specific range of IPs. Administrators may also prefer to retain the existing behavior of only having one ServiceCIDR per cluster. You can use `ValidatingAdmissionPolicy` to achieve this. ([#128971](https://github.com/kubernetes/kubernetes/pull/128971), [@aojea](https://github.com/aojea))...

        for (;;) {
            try {
                doConnect();
                return;
            } catch (final SmbAuthException sae) {
                throw sae; // Prevents account lockout on servers with multiple IPs
            } catch (final SmbException se) {
                if (getNextAddress() == null) {
                    throw se;
                }
                if (LogStream.level >= 3) {