From: Riccardo Giuntoli
To: Giorgos Keramidas
Cc: freebsd-pf@freebsd.org
Date: Sun, 5 Jun 2005 21:12:44 +0200
Subject: Re: limit number of tcp connection for a GID
Message-ID: <31fbaca90506051212134e383e@mail.gmail.com>
In-Reply-To: <20050605184032.GA66090@gothmog.gr>
List-Id: "Technical discussion and general questions about packet filter (pf)"

On 6/5/05, Giorgos Keramidas wrote:
...
> No trace of uid or gid matching though. I thought it was specifically
> uid/gid matching that you were after.

Here is the complete fantastic rule:

    pass out quick proto tcp from $irc_subnet to any port {4004, 5555, 5667, 6660, 6661, 6662, 6663, 6664,\
    6665, 6666, 6667, 6668, 6669, 7000} user >= 1009 modulate state (max 3)

I've got a /23 subnet and I want users with UID > 1009 to use only two
connections to ircd.

The rule is correct; all goes the right way :)

Regards

--
Name: Riccardo Giuntoli
Email: taglio@gmail.com
Homepage: http://www.luxoro.org/
Location: Genova, Italy
6BONE Handle: RG581-6BONE
PGP Key: 0x67123739
PGP Fingerprint: CE75 16B5 D855 842F AB54 FB5C DDC6 4640 6712 3739
Key server: hkp://wwwkeys.eu.pgp.net
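
Added example, not part of the original message or the thread: a pf.conf fragment that places the rule from the message above beside a per-UID variant, following pf.conf(5), where `max` caps the states created by one rule and a packet over the cap stops matching that rule and is evaluated against the rules after it. The subnet value, the `irc_ports` macro name, and the UIDs 1009 and 1010 in variant B are assumptions made for illustration.

```pf
# Constructed values: the message does not give the subnet, and irc_ports
# is a macro name introduced here so the port list is written once.
irc_subnet = "10.0.0.0/23"
irc_ports = "{ 4004, 5555, 5667, 6660, 6661, 6662, 6663, 6664, 6665, 6666, 6667, 6668, 6669, 7000 }"

# user/group matching only works for sockets owned on the pf host itself;
# forwarded connections have no known owner and never match these rules.

# Load variant A or variant B, not both.

# --- Variant A: the rule as posted -----------------------------------
# "max 3" is a per-rule limit, so every local user with UID >= 1009
# draws from the same pool of three concurrent states.
pass out quick proto tcp from $irc_subnet to any port $irc_ports \
    user >= 1009 modulate state (max 3)

# --- Variant B: a separate budget per UID -----------------------------
# One rule per account gives each UID its own state limit. The limit of 2
# follows the "two connections" stated in the message; UIDs are examples.
pass out quick proto tcp from $irc_subnet to any port $irc_ports \
    user 1009 modulate state (max 2)
pass out quick proto tcp from $irc_subnet to any port $irc_ports \
    user 1010 modulate state (max 2)

# --- Needed by both variants ------------------------------------------
# When a pass rule above is at its limit, the packet no longer matches it
# (even though the rule is "quick") and continues down the ruleset.
# Without an explicit block here, a later or default pass would let the
# extra connection through.
block out quick proto tcp from $irc_subnet to any port $irc_ports \
    user >= 1009
```

`pfctl -n -f` followed by the file name parses the ruleset without loading it, and `pfctl -s state` lists the states currently held.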