From: Riccardo Giuntoli
To: Giorgos Keramidas
Cc: freebsd-stable@freebsd.org, freebsd-questions@freebsd.org, freebsd-pf@freebsd.org
Date: Sun, 5 Jun 2005 20:36:11 +0200
Subject: Re: limit number of tcp connection for a GID
Message-ID: <31fbaca905060511367d24e3ec@mail.gmail.com>
In-Reply-To: <20050605181315.GE16327@gothmog.gr>

On 6/5/05, Giorgos Keramidas wrote:
...
> I'm not sure if pf does this already.  Even if it doesn't though,
> it may be possible to write a transparent proxy that limits the
> connections per uid/gid.  The support for transparent proxies in
> pf is awesome :-)

I've found this on pf.conf(5) manpage:

STATEFUL TRACKING OPTIONS
     All three of keep state, modulate state and synproxy state support the
     following options:

     max _number_
           Limits the number of concurrent states the rule may create.  When
           this limit is reached, further packets matching the rule that would
           create state are dropped, until existing states time out.

Thank you Giorgos

Bye

-- 
Name: Riccardo Giuntoli
Email: taglio@gmail.com
Homepage: http://www.luxoro.org/
Location: Genova, Italy
6BONE Handle: RG581-6BONE
PGP Key: 0x67123739
PGP Fingerprint: CE75 16B5 D855 842F AB54 FB5C DDC6 4640 6712 3739
Key server: hkp://wwwkeys.eu.pgp.net
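
The following pf.conf fragment is an added example, not part of the original message: it shows how the `max` state option quoted above can be combined with pf's `group` filter parameter to cap concurrent TCP connections for one GID. The interface name em0, the gid 1001 and the limit of 20 are assumed values chosen for illustration.

```pf
# Added example, not from the thread.
# Assumed values: interface em0, numeric gid 1001, ceiling of 20 states.
ext_if = "em0"

# Baseline for locally originated TCP: stateful, no ceiling.
pass out on $ext_if proto tcp all flags S/SA keep state

# pf applies the last matching rule, so outbound TCP from sockets owned
# by gid 1001 is handled here instead of by the baseline rule above.
#
# Things to keep in mind:
#  - "group" only matches TCP/UDP sockets owned on this host; traffic
#    that is merely forwarded through the machine never matches it.
#  - "max" counts states created by this one rule, so the ceiling is
#    shared by every member of the group, not applied per user.
#  - Once 20 states exist, new connection attempts from the group are
#    dropped until older states time out, so a connection that has just
#    closed can still occupy a slot for a while.
pass out on $ext_if proto tcp all group 1001 flags S/SA keep state (max 20)
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -vsr` shows per-rule counters, including the number of states each rule currently holds.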