Date: Fri, 14 Nov 2008 07:52:02 +0900
From: "Son, Yeongsik" <ienfant@gmail.com>
To: freebsd-ipfw@freebsd.org
Subject: change specific linux iptables rule set to ipfw rule set
Message-ID: <8db0c7c40811131452v70d2c2fds672384a42da5c5@mail.gmail.com>

One of the Linux servers contains a rule set like this:

iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 -j DROP
iptables -A INPUT -m recent --name KIN --rcheck --seconds 300 -j DROP
iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 5 -m recent --name KIN --set -j DROP

Simply put, this means: drop an IP that tries to open more than 20 connections to TCP port 80. When that happens, drop the IP for 5 minutes.

iptables -A INPUT -p udp --dport 53 -m length --length 512:65535 -j DROP

Briefly: drop an IP that tries to connect to UDP port 53 with a packet length of 512 ~ 65535.

I want to use those rules on FreeBSD servers, but I don't know about those kinds of sophisticated functions in ipfw. Is that possible on FreeBSD? Please share your knowledge.
