Date: Thu, 6 Oct 2005 13:58:28 -0400
From: Bob Johnson <fbsdlists@gmail.com>
To: freebsd@akruijff.dds.nl
Cc: bobo1009@mailtest2.eng.ufl.edu, freebsd-questions@freebsd.org
Subject: Re: IPFW logging and dynamic rules
Message-ID: <54db43990510061058p716704a2n24a8f9724319d2cc@mail.gmail.com>
In-Reply-To: <20051005085848.GA807@Alex.lan>
References: <54db439905092908455157e6a3@mail.gmail.com> <20051005085848.GA807@Alex.lan>
On 10/5/05, Alex de Kruijff <freebsd@akruijff.dds.nl> wrote:
> On Thu, Sep 29, 2005 at 11:45:42AM -0400, Bob Johnson wrote:
> > In FreeBSD 5.4R, I tried an IPFW configuration that includes something
> > like this (plus a lot of other rules):
> >
> > check-state
> > deny tcp from any to any established
> > allow log tcp from any to ${my-ip} dst-port 22 setup limit src-addr = 3
> > + other rules that use keep-state
[...]
> > Is there some way to get the first version to log only the initial
> > packet while still retaining the dynamic limit src-addr rule?
>
> Yes, you could use count instead of allow.
>
> check-state
> count log tcp from any to ${my-ip} dst-port 22 limit src-addr 3
> allow tcp from any to ${my-ip} dst-port 22 setup limit src-addr 3
>

Thanks, I'll try that. I had overlooked the count option when I was reading the man pages.

> Howto's based on my personal use, including information about
> setting up a firewall and creating traffic graphs with MRTG
> http://www.kruijff.org/alex/FreeBSD/
>

And I will look over your tutorial as well. Thanks!

- Bob
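As an added example (not part of the thread, and not Alex's exact ruleset): an rc.firewall-style fragment that separates logging from the stateful allow. The `count log` rule carries `setup` so it matches only the connection-initiating SYN, while the following `allow ... limit src-addr 3` rule keeps the per-source limit; packets of an established flow are matched by `check-state` and execute that parent `allow`, which has no `log` keyword, so they are not logged. `MY_IP` is a constructed placeholder address.

```shell
#!/bin/sh
# Added example: log only the SYN of new SSH connections while keeping a
# per-source-address limit on open connections (ipfw, FreeBSD 5.x syntax).
MY_IP="${MY_IP:-192.0.2.10}"   # constructed placeholder for the firewall's address

# Emit the rules one per line so they can be reviewed before being applied.
ssh_rules() {
    cat <<EOF
check-state
deny tcp from any to any established
count log tcp from any to ${MY_IP} dst-port 22 setup
allow tcp from any to ${MY_IP} dst-port 22 setup limit src-addr 3
EOF
}

# Only the SYN-only count rule should carry the log keyword; the stateful
# allow rule must not, or every packet matched via check-state gets logged.
logging_rule_count() {
    ssh_rules | grep -c ' log '
}

# Apply only when asked for explicitly (needs root and an ipfw-enabled kernel);
# by default just print the ruleset.
if [ "${1:-}" = "apply" ]; then
    ssh_rules | while IFS= read -r rule; do
        /sbin/ipfw -q add $rule
    done
else
    ssh_rules
fi
```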