From: "JJB"
To: "Mark"
Date: Mon, 2 Aug 2004 11:47:52 -0400
Subject: RE: One OR MORE of source and destination addresses?
In-Reply-To: <200408021534.I72FY1AM004596@asarian-host.net>

Like the manual says, you cannot code both options on a single rule.
You have to make 2 rules out of it.

state ipfw add allow tcp from any to me 25 setup limit dst-addr 32
state ipfw add allow tcp from any to me 25 setup limit src-addr 8

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Mark
Sent: Monday, August 02, 2004 11:34 AM
To: freebsd-questions@freebsd.org
Subject: One OR MORE of source and destination addresses?

Color me confused.
The ipfw manual says:

limit {src-addr | src-port | dst-addr | dst-port} N
    The firewall will only allow N connections with the same set of
    parameters as specified in the rule. One or more of source and
    destination addresses and ports can be specified.

If "One or more of source and destination addresses and ports can be specified", then I'd like to limit both the total amount of connections, as well as per-src. Something like this:

ipfw check-state
ipfw add allow tcp from any to me 25 setup limit dst-addr 32 src-addr 8

The error I get is: "ipfw: only one of keep-state and limit is allowed"

So, how can I specify "One OR MORE of source and destination addresses" in the rule to achieve this effect?

Thanks,

- Mark
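
The following is an added illustration, not part of either message and not ipfw source code: a toy Python model of the manual text quoted above, in which a limit rule counts live connections per "set of parameters" and admits at most N per set. The LimitRule class, the helper names and the sample addresses are all constructed for this example, and the model assumes a connection over the limit is simply not admitted.

```python
from collections import Counter

FIELDS = ("src-addr", "src-port", "dst-addr", "dst-port")

class LimitRule:
    """Toy model of `limit <keys> N`: at most N live connections per key tuple."""

    def __init__(self, keys, n):
        if not keys or set(keys) - set(FIELDS):
            raise ValueError(f"bad limit keys: {keys!r}")
        self.keys = tuple(k for k in FIELDS if k in keys)
        self.n = n
        self.live = Counter()  # live connection count per bucket

    def setup(self, conn):
        """Admit a new connection if its bucket is still below N."""
        bucket = tuple(conn[k] for k in self.keys)
        if self.live[bucket] >= self.n:
            return False
        self.live[bucket] += 1
        return True

def conn(src, sport, dst, dport=25):
    return {"src-addr": src, "src-port": sport, "dst-addr": dst, "dst-port": dport}

def traffic():
    # Constructed sample: one busy client hitting two local addresses,
    # then 30 distinct clients with one connection each.
    busy_a = [conn("198.51.100.7", 40000 + i, "192.0.2.25") for i in range(12)]
    busy_b = [conn("198.51.100.7", 41000 + i, "192.0.2.26") for i in range(12)]
    spread = [conn(f"203.0.113.{i}", 50000, "192.0.2.25") for i in range(1, 31)]
    return busy_a + busy_b + spread

def accepted(keys, n):
    """Count how many of the sample connections one limit rule would admit."""
    rule = LimitRule(keys, n)
    return sum(rule.setup(c) for c in traffic())

if __name__ == "__main__":
    for keys, n in ((["dst-addr"], 32), (["src-addr"], 8), (["src-addr", "dst-addr"], 8)):
        print(" ".join(keys), n, "->", accepted(keys, n), "of", len(traffic()))
```

In this model the key set decides what N applies to: keyed on dst-addr it caps the total per local address, keyed on src-addr it caps each client, and keyed on both it caps each client/address pair.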