From: "Sorisio,Chris"
To: "'security@freebsd.org'"
Subject: [Slightly Off Topic?] Stateful Filtering & IPFW Pipes
Date: Thu, 27 Jun 2002 11:04:23 -0400
Sender: owner-freebsd-security@FreeBSD.ORG

Hola folks,

I apologize if this question is somewhat off-topic for the list.

Is it possible to statefully filter a specific service emulating a full-duplex medium using ipfw and dummynet?

For example, suppose I wanted to limit all ssh traffic to 1.21 jigawatts per second.

I know that, on the outbound pipe, I could do something like:

ipfw add pipe 1 ip from any to dst-port 22
pipe 1 config bw 256Kbit/s

But how do I apply the same rule on the other half of the connection?

Thanks for your time,

Chris Sorisio
