From owner-freebsd-net@FreeBSD.ORG Fri May 27 12:19:37 2005
Message-ID: <032b01c562b6$56153ed0$9f90a8c0@DONATAS>
From: "dnr"
Date: Fri, 27 May 2005 15:19:31 +0300
Subject: tcp session limit with ipfw
List-Id: Networking and TCP/IP with FreeBSD

Is there any possibility to limit the TCP session count, let's say from 3 to 2, for any port separately?
For example: establishing 3 active FTP sessions from 10.10.10.2 to 10.10.10.1 and doing a transfer via 1 session, we have:

  10.10.10.1.ftp - 10.10.10.2.57185 - ESTABLISHED
  10.10.10.1.ftp - 10.10.10.2.55069 - ESTABLISHED
  10.10.10.1.ftp - 10.10.10.2.60589 - ESTABLISHED
  10.10.10.1.ftp - 10.10.10.2.59201 - TIME_WAIT
  10.10.10.1.ftp - 10.10.10.2.57144 - TIME_WAIT
  10.10.10.1.ftp - 10.10.10.2.61237 - ESTABLISHED ---> DATA transfer

So, how to limit, using IPFW, any other attempts to establish FTP session number 4, 5, etc., so we could use a maximum of 3 sessions / 1 IP address?

thnx