From owner-freebsd-security@FreeBSD.ORG  Sun Jun  1 03:01:25 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7176237B401
	for <security@freebsd.org>; Sun,  1 Jun 2003 03:01:25 -0700 (PDT)
Received: from mail-pm.star.spb.ru (mail-pm.star.spb.ru [217.195.82.1])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 7C6FD43F3F
	for <security@freebsd.org>; Sun,  1 Jun 2003 03:00:02 -0700 (PDT)
	(envelope-from nkritsky@internethelp.ru)
Received: from pink.star.spb.ru ([217.195.82.10])
	by mail-pm.star.spb.ru (8.12.9/8.12.8) with ESMTP id h519xxPW026544;
	Sun, 1 Jun 2003 13:59:59 +0400 (MSD)
Received: from IBMKA ([217.195.82.7]) by pink.star.spb.ru with SMTP (Microsoft
	Exchange Internet Mail Service Version 5.5.2653.13)
	id K74KPRWV; Sun, 1 Jun 2003 13:59:59 +0400
Date: Sun, 1 Jun 2003 13:59:08 +0400
From: "Nickolay A. Kritsky" <nkritsky@internethelp.ru>
X-Mailer: The Bat! (v1.49) Personal
X-Priority: 3 (Normal)
Message-ID: <13228662178.20030601135908@internethelp.ru>
To: Avleen Vig <lists-freebsd@silverwraith.com>
In-reply-To: <20030530222255.GZ294@silverwraith.com>
References: <20030530222255.GZ294@silverwraith.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
cc: security@freebsd.org
Subject: Re: IPFW logging brokeness?
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: "Nickolay A. Kritsky" <nkritsky@internethelp.ru>
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 01 Jun 2003 10:01:25 -0000

Hello Avleen,

Saturday, May 31, 2003, 2:22:55 AM, you wrote:

AV> My rule:
AV> add 100 allow log tcp from any to <my IP> <ports> limit src-addr 2

AV> I want connecting parties to be able to form no more than 2 connection.
AV> This works perfectly, jsut as I'd expect it to.
AV> Except for 'log'.

AV> All I want is to have the first packet match of a connection match, like
AV> IPF's "log first" capability.

Try this:
90 pass tcp from any to any established
100 allow log tcp from any to <my IP> <ports> limit src-addr 2


;-------------------------------------------
; NKritsky
; mailto:nkritsky@internethelp.ru