From owner-freebsd-questions@FreeBSD.ORG  Sun May 23 17:15:01 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0E59716A4CE
	for <freebsd-questions@freebsd.org>;
	Sun, 23 May 2004 17:15:01 -0700 (PDT)
Received: from asarian-host.net (mail.asarian-host.net [194.109.160.70])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7043D43D2F
	for <freebsd-questions@freebsd.org>;
	Sun, 23 May 2004 17:15:00 -0700 (PDT)
	SRS0=tH7ZJ6Bf=IS=asarian-host.net=admin@asarian-host.net)
Comments: To protect the identity of the sender, certain header
	fields are either not shown, or masked. Anonymous email
	accounts can be requested by filling in the appropriate
	form at: https://asarian-host.net/cgi-bin/signup.cgi
Received: (from root@localhost)
	by mail.asarian-host.net (8.12.11/8.12.11) id i4O0EFD1085439
	for freebsd-questions@freebsd.org;
	Mon, 24 May 2004 02:14:15 +0200 (CEST)
	(envelope-from admin@asarian-host.net)
From: Mark <admin@asarian-host.net>
Received-SPF: pass (asarian-host.net: domain of admin@asarian-host.net
	designates sender IP as SASL permitted sender)
Message-Id: <200405240014.I4O0EEDQ085429@asarian-host.net>
Date: Mon, 24 May 2004 00:14:15 GMT
X-Authenticated-Sender: admin@asarian-host.net
X-Trace: LEyeTxvhPjLF9HZRP5fGV0Enkl01kOG0O6RTaSmSLeM5eoFULId68gXbMjoOyFMhejfrTM/P9G/8QcHj+ZP9rw==
X-Complaints-To: abuse@asarian-host.net
X-Abuse-Info: Please be sure to forward a copy of ALL headers,
	otherwise we are unable to process your complaint
Organization: Asarian-host
To: <freebsd-questions@freebsd.org>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-Auth: Asarian-host PGP signature
	iQEVAwUAQLE+VzFqW1BleBN9AQFgOgf/YuSHSVLK6Z1J2LyFtDyTcKGCJdZgka+9
	KfL3sWcy016jtiEafliOD6CZhuTG+kh5omjdYw9bdiZfqIvHhKcOXF/IpfhuM3NV
	I/mvFvzHhqUV7ZubSkzHvcpZE/aRuOBnfEg/J1PYBRRnF3cZHMi8Fe1RUic1Nw6u
	z6n3MZxzGy+ojxhpnr+hR7u6hy69RgSnwH/uj2ah5LL89D1kddP1qqnSn6lvKUh3
	c3htB7zGbPpsXlTOfQbCkqyakHOQIRTMrqau6/jOquOFO9CVTA513FQmUsVAWWyp
	hS//jzIK2qKWwnxIK5AhZ0xTOKf3e96hSS2TWq8cAQ0yEl6ib4KZuw==
	=1JSv
Subject: Limit port 25 via ipfw
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 24 May 2004 00:15:01 -0000

Hello,

I was experimenting a bit with limiting the amount on simultaneous
connections to port 25; because if sendmail starts rejecting connections (at
32), my Milter trips over it. I did the following, on FreeBSD 4.9R:

${fwcmd} add 65500 check-state
${fwcmd} add 65501 allow tcp from any to me 25,587 limit dst-addr 30

I thought that would do it. But sendmail still occassionally rejects
connections because the 32 limit is passed. Is there an error in my ipfw
rules somehow?

Thanks,

- Mark