From: Igor Roshchin
Date: Thu, 20 Dec 2001 19:11:33 -0500 (EST)
Message-Id: <200112210011.fBL0BXQ46124@giganda.komkon.org>
To: hackers@freebsd.org, questions@freebsd.org
Subject: ipfw - limit on the number of "setup" connections from one IP

Hello!

I wonder if it is by any chance possible to limit the number of simultaneous open connections from the same IP to the host, using an ipfw "setup" rule.

My understanding of the manuals says that such capability is not currently implemented, but I hope I am wrong on this. :-)

It looks like it would be a nice feature to add to dummynet(4) - some type of per-[client]host-IP control (number of connections, total bandwidth allowed for each incoming IP, and other dummynet policies applied to each incoming IP).

There are a few modules for Apache that implement such policies, but it would be nice to do that at the packet level, to reduce (while balancing) the load on the servers.

Best regards

Igor