Date: Mon, 14 Mar 2005 22:01:20 +0100
From: Michal Konieczny <mk@capri.pl>
To: freebsd-ipfw@freebsd.org
Subject: limit src-addr passes more connections than prescribed
Message-ID: <4235FBA0.6050309@cml.mfk.net.pl>

Hello,

Last time I had to limit the number of connections to my www server for some static content, due to abusive use of download managers by some of the users. So I've set up something like this:

    ipfw add check-state
    ....
    ipfw add allow tcp from any to a.b.c.d www in via fxp0 setup limit src-addr 5

Quite obvious, due to the ipfw man page.

It works, in some way: I no longer see 100+ connections from a single IP address, but there are often more than 5 connections in ESTABLISHED state from a single IP address. From random checks I've seen up to 20+ such connections. That is an order of magnitude better than previously without the limit, but something seems wrong here to me.

The system in question is FreeBSD 5.3, cvsup'ed to the latest 5.3-STABLE (this is a production machine).

Am I missing something, have I not configured it properly, or maybe this has its reasons?

Best regards,

-- 
Michal Konieczny
mk@cml.mfk.net.pl
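
The "random checks" described in the message can be made repeatable. The script below is an added example, not part of the original e-mail: it counts ESTABLISHED connections per remote address to the web port and lists sources above the `limit src-addr` value. It assumes FreeBSD's `netstat -an` layout, where addresses are printed as `address.port`; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: per-source count of ESTABLISHED connections to the web
# port, compared against the ipfw "limit src-addr" value from the rule.

LIMIT=5     # value used in the rule quoted in the message
PORT=80     # "www" in the rule

# Reads netstat lines on stdin; prints "count address" for every remote
# address holding more than LIMIT established connections to PORT.
over_limit() {
    awk -v limit="$LIMIT" -v port="$PORT" '
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
            laddr = $4; raddr = $5
            # FreeBSD prints address.port: keep only the local port...
            sub(/^.*\./, "", laddr)
            if (laddr != port) next
            # ...and strip the port from the remote side.
            sub(/\.[0-9]+$/, "", raddr)
            n[raddr]++
        }
        END { for (a in n) if (n[a] > limit) print n[a], a }
    ' | sort -rn
}

# Constructed sample input (documentation addresses, not captured data).
sample() {
    i=0
    while [ "$i" -lt 7 ]; do
        echo "tcp4  0  0  192.0.2.10.80  198.51.100.7.$((50000 + i))  ESTABLISHED"
        i=$((i + 1))
    done
    echo "tcp4  0  0  192.0.2.10.80  198.51.100.8.40000  ESTABLISHED"
    echo "tcp4  0  0  192.0.2.10.80  198.51.100.8.40001  TIME_WAIT"
    echo "tcp4  0  0  192.0.2.10.22  198.51.100.9.40002  ESTABLISHED"
}

sample | over_limit
```

On the server itself, feed it live data with `netstat -an -p tcp | over_limit` and run it at intervals to see how often and by how much the limit is exceeded.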