From: Vlad GALU
To: Brett Glass, freebsd-security@freebsd.org
Date: Wed, 10 Nov 2004 13:23:21 +0200
Subject: Re: Firewall rules that discriminate by connection duration

On Tue, 9 Nov 2004 20:10:30 -0700 (MST), Brett Glass wrote:
> I'm interested in crafting firewall rules that throttle connections
> that have lasted more than a certain amount of time. (Most such
> connections are P2P traffic, which should be given a lower priority
> than other connections and may constitute network abuse.) Alas, it
> doesn't appear that FreeBSD's IPFW can keep tabs on how long a
> connection has been established. Is there another firewall for
> FreeBSD that can?
>

All firewalls in FreeBSD can, actually. It's part of the stateful
inspection feature. The only thing they lack is a match parameter
based on the timer.

> --Brett Glass

-- 
If it's there, and you can see it, it's real.
If it's not there, and you can see it, it's virtual.
If it's there, and you can't see it, it's transparent.
If it's not there, and you can't see it, you erased it.
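
An added example, not part of the original message: since the state table tracks each connection's timer but the rule language cannot match on it, the age can be read from a state listing in userland instead. It assumes pf's verbose state listing (`pfctl -vs state`) reports an `age HH:MM:SS` field per state; the sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample, shaped like verbose pf state output (`pfctl -vs state`).
# The exact layout is an assumption; adjust the regex to your pfctl version.
SAMPLE = """\
all tcp 192.0.2.10:40022 <- 203.0.113.7:51413       ESTABLISHED:ESTABLISHED
   [1201 + 65535] wscale 6  [877 + 65535] wscale 6
   age 03:12:45, expires in 23:59:58, 90211:120334 pkts, 6120045:150332110 bytes, rule 4
all tcp 192.0.2.10:52011 -> 198.51.100.20:443       ESTABLISHED:ESTABLISHED
   [5512 + 65535] wscale 6  [901 + 65535] wscale 6
   age 00:00:42, expires in 23:59:30, 12:15 pkts, 2100:9400 bytes, rule 2
all udp 192.0.2.10:53124 -> 198.51.100.53:53       MULTIPLE:SINGLE
   age 00:00:03, expires in 00:00:27, 1:1 pkts, 60:120 bytes, rule 2
"""

# Hours may exceed two digits on long-running states.
AGE_RE = re.compile(r"\bage (\d+):(\d\d):(\d\d)\b")

def parse_states(text):
    """Return one dict per state entry: proto, endpoints, state, age_s."""
    states, current = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():          # unindented line opens a new state
            f = line.split()
            current = None                 # drop malformed headers entirely
            if len(f) >= 4:
                current = {"proto": f[1], "endpoints": " ".join(f[2:-1]),
                           "state": f[-1], "age_s": None}
                states.append(current)
        elif current is not None:          # indented detail line of that state
            m = AGE_RE.search(line)
            if m:
                h, mi, s = map(int, m.groups())
                current["age_s"] = h * 3600 + mi * 60 + s
    return states

def long_lived(states, min_age_s, proto="tcp"):
    """States of `proto` whose age is known and at least min_age_s seconds."""
    return [s for s in states
            if s["proto"] == proto and s["age_s"] is not None
            and s["age_s"] >= min_age_s]

if __name__ == "__main__":
    for s in long_lived(parse_states(SAMPLE), min_age_s=3600):
        print(f'{s["age_s"]:>7}s  {s["endpoints"]}  {s["state"]}')
```

What is done with the selected endpoints (for instance, steering them to a lower-priority queue) is left to local policy; states listed without a verbose age line are skipped rather than guessed at.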