From owner-freebsd-ipfw@FreeBSD.ORG  Mon May 16 15:50:47 2005
Return-Path: <owner-freebsd-ipfw@FreeBSD.ORG>
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2FA6B16A4CE
	for <freebsd-ipfw@freebsd.org>; Mon, 16 May 2005 15:50:47 +0000 (GMT)
Received: from mail2.dbitech.ca (radius.wavefire.com [64.141.13.252])
	by mx1.FreeBSD.org (Postfix) with SMTP id 988A543DD2
	for <freebsd-ipfw@freebsd.org>; Mon, 16 May 2005 15:50:46 +0000 (GMT)
	(envelope-from darcy@wavefire.com)
Received: (qmail 1127 invoked from network); 16 May 2005 17:34:46 -0000
Received: from unknown (HELO ?64.141.15.12?) (64.141.15.12)
  by radius.wavefire.com with SMTP; 16 May 2005 17:34:46 -0000
From: Darcy Buskermolen <darcy@wavefire.com>
Organization: Wavefire Technologies Corp
To: dwi amk <dwi.amk@gmail.com>
Date: Mon, 16 May 2005 08:51:49 -0700
User-Agent: KMail/1.8
References: <6917ef380505130957479e6134@mail.gmail.com>
	<200505131051.55892.darcy@wavefire.com>
	<6917ef3805051320594810d4dd@mail.gmail.com>
In-Reply-To: <6917ef3805051320594810d4dd@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200505160851.49793.darcy@wavefire.com>
cc: freebsd-ipfw@freebsd.org
Subject: Re: natd connection limit per host
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: IPFW Technical Discussions <freebsd-ipfw.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ipfw>
List-Post: <mailto:freebsd-ipfw@freebsd.org>
List-Help: <mailto:freebsd-ipfw-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw>,
	<mailto:freebsd-ipfw-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 16 May 2005 15:50:47 -0000

On Friday 13 May 2005 20:59, dwi amk wrote:
> Thanks for quick reply, but that's not exactly what i want to do right
> now. I want to limit not the bandwidth use, but the maximum number a
> host can do NAT. It's like a user can connect to max 2 IRC server and
> do max 3 DCC and 1 Messenger, that he can connect  to max 6 NAT
> connection. How can we do this by ipfw?


     limit {src-addr | src-port | dst-addr | dst-port} N
             The firewall will only allow N connections with the same set of
             parameters as specified in the rule.  One or more of source and
             destination addresses and ports can be specified.



-- 
Darcy Buskermolen
Wavefire Technologies Corp.

http://www.wavefire.com
ph: 250.717.0200
fx: 250.763.1759