From owner-freebsd-questions@FreeBSD.ORG  Wed Jun  6 10:55:33 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id CD2E216A46C
	for <freebsd-questions@freebsd.org>;
	Wed,  6 Jun 2007 10:55:33 +0000 (UTC)
	(envelope-from nvass@teledomenet.gr)
Received: from wmail.teledomenet.gr (wmail.teledomenet.gr [213.142.128.16])
	by mx1.freebsd.org (Postfix) with ESMTP id 886E213C43E
	for <freebsd-questions@freebsd.org>;
	Wed,  6 Jun 2007 10:55:33 +0000 (UTC)
	(envelope-from nvass@teledomenet.gr)
Received: from iris (unknown [192.168.1.71])
	by wmail.teledomenet.gr (Postfix) with ESMTP id 2EFD71C8B5C;
	Wed,  6 Jun 2007 13:55:31 +0300 (EEST)
From: Nikos Vassiliadis <nvass@teledomenet.gr>
To: freebsd-questions@freebsd.org
Date: Wed, 6 Jun 2007 13:55:25 +0300
User-Agent: KMail/1.9.1
References: <eeef1a4c0706060315i2bac1443w2acb0e29dd46652f@mail.gmail.com>
In-Reply-To: <eeef1a4c0706060315i2bac1443w2acb0e29dd46652f@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200706061355.26438.nvass@teledomenet.gr>
Cc: Freminlins <freminlins@gmail.com>
Subject: Re: ipfw - limit other networks
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Jun 2007 10:55:33 -0000

On Wednesday 06 June 2007 13:15, Freminlins wrote:
> Hi,
>
> I am trying to limit the number of connections from "foreign" networks
> to a server. I don't want to limit bandwidth, just the number of
> connections. Let's say I have a network 192.168.1.0/24. I want to allow
> 192.168.2.0/24 to have at most 50 connections. I want to allow
> 192.168.3.0/24 to have 20 connections. And so on. Is this even possible?
> Some applications can do this but I would prefer to do this at the
> network level.

Yes, it is possible. The keyword is 'limit'. From the ipfw manual:

limit {src-addr | src-port | dst-addr | dst-port} N
      The firewall will only allow N connections with the same set of
      parameters as specified in the rule.  One or more of source and
      destination addresses and ports can be specified.  Currently,
      only IPv4 flows are supported.

HTH, Nikos