Date: Thu, 27 Jun 2002 11:15:58 -0400
From: "Sorisio,Chris" <ChrisSorisio@PeakTechnical.com>
To: "'security@freebsd.org'" <security@freebsd.org>
Subject: [Slightly Off Topic?] Stateful Filtering & IPFW Pipes
Message-ID: <C2D012DB5BE7D51197010002A53F0E179012@sinet001.peaktechnical.com>

[Argh. How embarrassing. Not only am I using Outlook, but it sent my first e-mail as HTML!]

Hola folks,

I apologize if this question is somewhat off-topic for the list.

Is it possible to statefully filter a specific service emulating a full-duplex medium using ipfw and dummynet?

For example, suppose I wanted to limit all ssh traffic to 1.21 jigawatts per second.

I know that, on the outbound pipe, I could do something like:

ipfw add pipe 1 ip from any to dst-port 22
pipe 1 config bw 256Kbit/s

But how do I apply the same rule on the other half of the connection?

Thanks for your time,

Chris Sorisio