From owner-freebsd-questions  Mon Jun 17 10: 9:59 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from smtp.a1poweruser.com (oh-chardon6a-62.clvhoh.adelphia.net [68.65.175.62])
	by hub.freebsd.org (Postfix) with ESMTP id 8F65437B417
	for <questions@FreeBSD.ORG>; Mon, 17 Jun 2002 10:09:53 -0700 (PDT)
Received: from barbish (unknown [10.0.10.6])
	by smtp.a1poweruser.com (Postfix) with SMTP
	id 26AF110F; Mon, 17 Jun 2002 13:12:52 -0400 (EDT)
Reply-To: <barbish@a1poweruser.com>
From: "Joe & Fhe Barbish" <barbish@a1poweruser.com>
To: "Paulius Bulotas" <paulius@kaktusas.org>
Cc: "FBSDQ" <questions@FreeBSD.ORG>
Subject: RE: limit number of connections per client ip address
Date: Mon, 17 Jun 2002 13:09:52 -0400
Message-ID: <MIEPLLIBMLEEABPDBIEGCEPJCCAA.barbish@a1poweruser.com>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2911.0)
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
In-Reply-To: <20020617100726.GB54160@kaktusas.org>
Importance: Normal
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

The ipfw limit {src-addr | src-port | dst-addr | dst-port} N is not
intended for limiting the number of connections per client ip address.

It's intended to limit the number of identical packets per ipfw rule
to fort dos flood attacks.

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG
[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Paulius Bulotas
Sent: Monday, June 17, 2002 6:07 AM
To: freebsd questions
Subject: Re: limit number of connections per client ip address

On 02 06 14, Nielsen wrote:
> As far as I know this is not possible in freebsd with either of the
> firewalls supplied. Dummynet is for limiting traffic rate, simulating

From ipfw man page:
limit {src-addr | src-port | dst-addr | dst-port} N
      The firewall will only allow N connections with the same
      set of parameters as specified in the rule.  One or more
      of source and destination addresses and ports can be
      specified.

Regards,
Paulius

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message