Date: Sun, 1 Jun 2003 13:59:08 +0400
From: "Nickolay A. Kritsky" <nkritsky@internethelp.ru>
To: Avleen Vig <lists-freebsd@silverwraith.com>
Cc: security@freebsd.org
Subject: Re: IPFW logging brokeness?
Message-ID: <13228662178.20030601135908@internethelp.ru>
In-Reply-To: <20030530222255.GZ294@silverwraith.com>
References: <20030530222255.GZ294@silverwraith.com>

Hello Avleen,

Saturday, May 31, 2003, 2:22:55 AM, you wrote:

AV> My rule:
AV>   add 100 allow log tcp from any to <my IP> <ports> limit src-addr 2
AV> I want connecting parties to be able to form no more than 2 connections.
AV> This works perfectly, just as I'd expect it to.
AV> Except for 'log'.
AV> All I want is to have the first packet match of a connection match, like
AV> IPF's "log first" capability.

Try this:

90 pass tcp from any to any established
100 allow log tcp from any to <my IP> <ports> limit src-addr 2

;-------------------------------------------
; NKritsky
; mailto:nkritsky@internethelp.ru
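
The effect of the rule ordering suggested in the message above, shown as an added example that is not part of the original e-mail: a simplified first-match model in Python that counts which packets of one TCP connection reach the `log` rule with and without rule 90. The addresses, port and packet list are constructed placeholders, and the `limit src-addr 2` connection counting and the kernel's log-count limit are assumed away.

```python
# Simplified first-match model of the ipfw rule ordering discussed above.
# All sample data is constructed; addresses are RFC 5737 documentation ranges.
# Assumption: `limit src-addr 2` state tracking is NOT modelled here.

MY_IP = "192.0.2.10"        # placeholder for <my IP>
PORTS = {22}                # placeholder for <ports>
CLIENT = "198.51.100.7"     # constructed remote host

def rule_90(pkt):
    # `established` matches TCP packets that have the ACK or RST flag set
    return bool(pkt["flags"] & {"ACK", "RST"})

def rule_100(pkt):
    # tcp from any to <my IP> <ports>
    return pkt["dst"] == MY_IP and pkt["dport"] in PORTS

# (rule number, matcher, has `log` keyword)
ORIGINAL = [(100, rule_100, True)]
SUGGESTED = [(90, rule_90, False), (100, rule_100, True)]

def evaluate(ruleset, packets):
    """Return (rule number hit per packet, list of logged packets)."""
    hits, logged = [], []
    for pkt in packets:
        for number, match, log in ruleset:
            if match(pkt):          # first matching rule wins
                hits.append(number)
                if log:
                    logged.append(pkt)
                break
        else:
            hits.append(65535)      # fell through to the default rule
    return hits, logged

def pkt(src, dst, dport, *flags):
    return {"src": src, "dst": dst, "dport": dport, "flags": set(flags)}

# One constructed connection: handshake, data, close.
CONNECTION = [
    pkt(CLIENT, MY_IP, 22, "SYN"),
    pkt(MY_IP, CLIENT, 40000, "SYN", "ACK"),
    pkt(CLIENT, MY_IP, 22, "ACK"),
    pkt(CLIENT, MY_IP, 22, "PSH", "ACK"),
    pkt(CLIENT, MY_IP, 22, "FIN", "ACK"),
]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        hits, logged = evaluate(rules, CONNECTION)
        print(name, "rules hit:", hits, "packets logged:", len(logged))
```
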