Date: Sun, 15 Apr 2007 22:06:37 +0200
From: Ivan Voras <ivoras@fer.hr>
To: freebsd-net@freebsd.org
Subject: ipfw, keep-state and limit
Message-ID: <evu0kp$9u9$1@sea.gmane.org>
I think I need to start filtering based on simultaneous connections from source IP addresses because of some abuse that's apparently going on, so, as I'm already using ipfw, I tried this:

# ipfw add 6079 allow tcp from any to me 80 setup keep-state limit src-addr 10

To which ipfw replied:

ipfw: only one of keep-state andlimit is allowed

(including the "andlimit" typo).

What I'm trying to do makes sense to me (and seems straightforward to implement, at least semantically): allow connections to port 80 with dynamic keep-state rules for individual clients, but allow only 10 connections from the same address.

Is this a limitation in ipfw? Any suggestions?

This is a 6-STABLE PAE+SMP machine.
