From owner-freebsd-questions Tue Apr 30 23:41:28 2002
Date: Wed, 1 May 2002 02:40:51 +0000
From: hh
To: freebsd-questions@freebsd.org
Subject: see this .
Message-Id: <20020501024051.42e9f1b9.hh@dsgx.org>
Organization: dsgx net solutions

I ran cvsup so I could get the latest version of ipfw .. so I could use the limit option, but guess:

some# man ipfw |grep limit
These dynamic rules, which have a limited lifetime, are checked at the
limitation using WF2Q).
ging limit rather than net.inet.ip.fw.verbose_limit, where the value
``0'' removes the logging limit.  Logging may then be re-
Console logging and the log limit are adjustable dynamically
limited to the bits which are set in the mask.
and the length of the port list is limited to IP_FW_MAX_PORTS
same protocol.  The rule has a limited lifetime (con-
A value of 0 (default) means unlimited bandwidth.  The unit must
Maximum number of dynamic rules.  When you hit this limit, no
A first and efficient way to limit access (not using dynamic rules) is
To limit the number of connections a user can open you can use the fol-
ipfw add allow tcp from my-net/24 to any setup limit src-addr 10
-> ipfw add allow tcp from any to me setup limit src-addr 4
such attacks can be partially limited by acting on a set of sysctl(8)
We can use pipes to artificially limit bandwidth, e.g. on a machine act-
ing as a router, if we want to limit traffic from local clients on
Should we like to simulate a bidirectional link with bandwidth limita-
connection often becomes a limiting factor much more than bandwidth:
all traffic.  Because the pipes have no limitations, the only effect is
A more sophisticated example is limiting the outbound traffic on a net
with per-host limits, rather than per-network limits:

That's the option I'm trying.

1.1.1.1 -> I changed it because I didn't wanna tell my real addr .. oh well, you guys can understand.

And I'm running 4.4-RELEASE-p9. I updated the src .. it's probably 4.5p4 now .. and the other machine is a 4.5p2 .. and these same commands work there ..

How should I proceed? Is the only way to build/install world .. and recompile the kernel and reboot?

thx for your time

some# ipfw add allow tcp from any to 1.1.1.1 80 limit src-addr 20
ipfw: error: unknown argument ``limit''

.. and below here it shows me all the help of ipfw ..