From: Bob Johnson
Date: Thu, 6 Oct 2005 13:58:28 -0400
To: freebsd@akruijff.dds.nl
Cc: bobo1009@mailtest2.eng.ufl.edu, freebsd-questions@freebsd.org
Subject: Re: IPFW logging and dynamic rules
Message-ID: <54db43990510061058p716704a2n24a8f9724319d2cc@mail.gmail.com>
In-Reply-To: <20051005085848.GA807@Alex.lan>
List-Id: User questions <freebsd-questions@freebsd.org>

On 10/5/05, Alex de Kruijff wrote:
> On Thu, Sep 29, 2005 at 11:45:42AM -0400, Bob Johnson wrote:
> > In FreeBSD 5.4R, I tried an IPFW configuration that includes something
> > like this (plus a lot of other rules):
> >
> > check-state
> > deny tcp from any to any established
> > allow log tcp from any to ${my-ip} dst-port 22 setup limit src-addr = 3
> > + other rules that use keep-state
> [...]
> > Is there some way to get the first version to log only the initial
> > packet while still retaining the dynamic limit src-addr rule?
>
> Yes you could use count instead of allow.
>
> check-state
> count log tcp from any to ${my-ip} dst-port 22 limit src-addr 3
> allow tcp from any to ${my-ip} dst-port 22 setup limit src-addr 3
>

Thanks, I'll try that. I had overlooked the count option when I was
reading the man pages.

> Howtos based on my personal use, including information about
> setting up a firewall and creating traffic graphs with MRTG
> http://www.kruijff.org/alex/FreeBSD/

And I will look over your tutorial as well. Thanks!

- Bob
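The count-then-allow idea from the reply above, written out as an added example (this is not Bob's or Alex's rule set, and it is not from Alex's howto). It differs from the quoted suggestion in one deliberate way: the `count log` rule carries `setup` and no `limit`, so it matches only the initial SYN and creates no dynamic state of its own; the state is created solely by the `allow ... limit src-addr` rule that follows. Because a packet matched via `check-state` is evaluated against the action of the rule that created the state, keeping `log` off that `allow` rule is what stops every packet of the flow from being logged. The address `192.0.2.10`, the rule numbers and the helper names are assumptions for illustration; the limit of 3 states per source address comes from the thread.

```shell
#!/bin/sh
# Added example (not code from the thread): an ipfw(8) rule set for stateful
# SSH access that logs only the initial SYN of each connection.
# Assumptions: MY_IP is a placeholder (TEST-NET-1), rule numbers 1000-1030
# are arbitrary, SSH_LIMIT=3 is the per-source limit used in the thread.

MY_IP="${MY_IP:-192.0.2.10}"   # constructed placeholder address
SSH_LIMIT="${SSH_LIMIT:-3}"

# Print the rules, one per line, in the order they must be installed:
#   1000 consult dynamic state first
#   1010 drop anything mid-stream that has no state
#   1020 stateless count rule: logs only SYN packets, creates no state
#   1030 stateful allow rule: creates the per-source limited state, no log
ssh_ruleset() {
    ip="$1"; limit="$2"
    cat <<EOF
add 1000 check-state
add 1010 deny tcp from any to any established
add 1020 count log tcp from any to $ip dst-port 22 setup
add 1030 allow tcp from any to $ip dst-port 22 setup limit src-addr $limit
EOF
}

# Number of rules the set installs.
rule_count() {
    ssh_ruleset "$1" "$2" | wc -l | tr -d ' '
}

# Sanity check: every rule carrying "log" must be a stateless count rule.
# If "log" ends up on the stateful allow rule, each later packet that hits
# check-state is logged again, which is the behaviour the thread complains about.
log_only_on_count() {
    ssh_ruleset "$1" "$2" | grep ' log ' | grep -qv 'count' && return 1
    return 0
}

# Load the rules, but only where ipfw actually exists (i.e. on FreeBSD).
apply_ruleset() {
    command -v ipfw >/dev/null 2>&1 || { echo "ipfw not found; not applying" >&2; return 1; }
    ssh_ruleset "$1" "$2" | while read -r rule; do
        ipfw -q $rule   # word-splitting of $rule is intended here
    done
}
```

On a FreeBSD box the rules are installed with `apply_ruleset "$MY_IP" "$SSH_LIMIT"`; `ssh_ruleset "$MY_IP" "$SSH_LIMIT"` prints them for review first. Keep the `deny ... established` rule after `check-state`, as in the original post, so packets belonging to a flow that already has state are accepted by the `allow` rule that created it before the deny is reached.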