From owner-freebsd-doc  Sat Aug 17 13:10:10 2002
Delivered-To: freebsd-doc@hub.freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9087437B400
	for <freebsd-doc@hub.freebsd.org>; Sat, 17 Aug 2002 13:10:04 -0700 (PDT)
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 331AF43E75
	for <freebsd-doc@hub.freebsd.org>; Sat, 17 Aug 2002 13:10:04 -0700 (PDT)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g7HKA3JU078103
	for <freebsd-doc@freefall.freebsd.org>; Sat, 17 Aug 2002 13:10:03 -0700 (PDT)
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g7HKA339078102;
	Sat, 17 Aug 2002 13:10:03 -0700 (PDT)
Date: Sat, 17 Aug 2002 13:10:03 -0700 (PDT)
Message-Id: <200208172010.g7HKA339078102@freefall.freebsd.org>
To: freebsd-doc@FreeBSD.org
Cc: 
From: Josh Paetzel <friar_josh@webwarrior.net>
Subject: Re:docs/36642 (4.5 man page on ipfw new option limit is way to
	vague.)
Reply-To: Josh Paetzel <friar_josh@webwarrior.net>
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-doc.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-doc>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-doc>
X-Loop: FreeBSD.org

The following reply was made to PR docs/36642; it has been noted by GNATS.

From: Josh Paetzel <friar_josh@webwarrior.net>
To: freebsd-gnats-submit@freebsd.org
Cc: barbish@poweruser.com
Subject: Re:docs/36642 (4.5 man page on ipfw new option limit is way to
	vague.)
Date: 17 Aug 2002 14:58:43 +0000

 <I find this verbiage hard to comprehend what the author is trying to
  <say.
 <using this example
 
 <ipfw add allow tcp from any to me setup limit src-addr 4
 
 <Is it saying that for each unique ip address in the src ip
 <address field it will allow up to 4 simultaneous connections.
 
 
 Look at the example in the man page: 
 The latter can be placed on a server to make sure that a single client
 does not use more than 4 simultaneous connections.
 
 >So I would see
 
 >src_ip_addr 122.33.45.11  accept
 >src_ip_addr 122.33.45.12  accept
 >src_ip_addr 122.33.45.12  accept
 >src_ip_addr 122.33.45.11  accept
 >src_ip_addr 122.33.45.11  accept
 >src_ip_addr 122.33.45.12  accept
 >src_ip_addr 122.33.45.12  accept
 >src_ip_addr 122.33.45.11  accept
 >src_ip_addr 122.33.45.11  rejected
 
 >or would I see 
 
 >src_ip_addr 122.33.45.11  accept
 >src_ip_addr 122.33.45.12  accept
 >src_ip_addr 122.33.45.12  accept
 >src_ip_addr 122.33.45.11  accept
 >src_ip_addr 122.33.45.11  rejected
 >src_ip_addr 122.33.45.12  rejected
 >src_ip_addr 122.33.45.12  rejected
 >src_ip_addr 122.33.45.11  rejected
 >src_ip_addr 122.33.45.11  rejected
 
 Well, according to the example in the man page, you would see what's
 behind door number 1.
 
     
 >How does Limit know when a packet has completed so as the remove it
 >from the count?
 
 One would assume that it uses a process similar or identical to natd. 
 It keeps a table of active connections.
 
 >The real question is what is the limit option really doing and
 >how does he do it?
 
 Limit is allowing ipfw a new way to tune their networks reaction under
 load, and/or allowing administrators more granularity in their
 filtering, (e.g. We only want 4 of our techs using irc at any one time.)
 
 I don't agree that a man page should explain every little detail about
 it's inner workings.  There are plenty of binaries that have been around
 for years with less documentation than this.  
 
 
 I recommend we close this pr out.
 
 Josh
 
 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-doc" in the body of the message