From owner-freebsd-security@FreeBSD.ORG Wed Nov 10 06:39:01 2004
Resent-From: nectar@celabo.org
Resent-Date: Wed, 10 Nov 2004 00:38:33 -0600
Resent-Message-ID: <20041110063833.GA32461@madman.celabo.org>
Resent-To: freebsd-security@freebsd.org
Date: Tue, 9 Nov 2004 20:10:30 -0700 (MST)
From: Brett Glass
Message-Id: <200411100310.UAA12654@lariat.org>
To: freebsd-security@freebsd.org
Subject: Firewall rules that discriminate by connection duration

I'm interested in crafting firewall rules that throttle connections that have lasted more than a certain amount of time. (Most such connections are P2P traffic, which should be given a lower priority than other connections and may constitute network abuse.) Alas, it doesn't appear that FreeBSD's IPFW can keep tabs on how long a connection has been established. Is there another firewall for FreeBSD that can?

--Brett Glass

_______________________________________________________
Please think twice when forwarding, cc:ing, or bcc:ing security-team messages. Ask if you are unsure.
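The post notes that IPFW itself does not record how long a connection has been established. As an added example (not part of the original message or any FreeBSD code), the sketch below shows the userland approach that question suggests: take periodic snapshots of the firewall's state table, remember when each flow was first seen, and generate dummynet pipe rules for flows older than a threshold. The snapshot source, the sample flows and the rule numbers are constructed assumptions; the commands are only returned as strings, never executed.

```python
"""Age flows across periodic firewall state snapshots and pick out the
long-lived ones for throttling. Added example; the snapshot data and
rule numbers below are constructed, not taken from a real system."""
from typing import Dict, Iterable, List, Tuple

Flow = Tuple[str, str, int, str, int]  # (proto, src, sport, dst, dport)


class FlowAgeTracker:
    """Remembers when each flow first appeared. A flow that vanishes from
    a snapshot is forgotten, so a reconnect starts a fresh clock."""

    def __init__(self) -> None:
        self.first_seen: Dict[Flow, float] = {}

    def observe(self, now: float, flows: Iterable[Flow]) -> None:
        current = set(flows)
        for flow in list(self.first_seen):      # drop closed flows
            if flow not in current:
                del self.first_seen[flow]
        for flow in current:                    # keep earliest sighting
            self.first_seen.setdefault(flow, now)

    def older_than(self, now: float, max_age: float) -> List[Flow]:
        return sorted(f for f, t0 in self.first_seen.items() if now - t0 > max_age)


def throttle_rules(flows: Iterable[Flow], pipe: int, base_rule: int) -> List[str]:
    """Build ipfw/dummynet commands that send the given flows through a
    bandwidth-limited pipe. Returned as strings; nothing is executed."""
    cmds = [f"ipfw pipe {pipe} config bw 64Kbit/s"]
    for i, (proto, src, sport, dst, dport) in enumerate(flows):
        cmds.append(f"ipfw add {base_rule + i} pipe {pipe} {proto} "
                    f"from {src} {sport} to {dst} {dport}")
    return cmds


def demo() -> List[str]:
    # Constructed snapshots taken 300 s apart: one long-lived flow and one
    # that closes and reconnects, which must not be counted as long-lived.
    long_lived: Flow = ("tcp", "10.0.0.5", 40001, "192.0.2.10", 6881)
    short: Flow = ("tcp", "10.0.0.7", 40002, "192.0.2.20", 443)
    tracker = FlowAgeTracker()
    tracker.observe(0.0, [long_lived, short])
    tracker.observe(300.0, [long_lived])           # short flow closed
    tracker.observe(600.0, [long_lived, short])    # short flow reconnected
    return throttle_rules(tracker.older_than(600.0, 500.0), pipe=1, base_rule=1000)
```

Because the tracker only sees flows that survive between snapshots, the polling interval bounds how precisely a connection's age is known.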