From: Ed Stover
Reply-To: estover@nativenerds.com
Organization: Native Nerds
To: freebsd-security@freebsd.org
Cc: Carl Mark
Subject: Re: connection limit with ipfw
Date: Mon, 10 Jan 2005 07:58:58 -0700
Message-Id: <1105369138.5197.9.camel@red.nativenerds.com>

Try posting this to freebsd-ipfw@freebsd.org; that might be a little more
responsive toward the question.

On Mon, 2005-01-10 at 12:32 +0000, Carl Mark wrote:
> Hello folks,
>
> I'm trying to set up a ruleset that limits every user to X tcp
> connections, since I have 300 active users on each server. I've been trying
> to work it out with the ipfw limit but I really don't know how effective it
> is.
>
> For example:
>
> ipfw -q add 15 allow tcp from me to any 80 limit dst-port X keep-state out setup
>
> Will this limit the whole machine to X connections that match the rule? I
> wanted to build something that would limit every user to X conns without
> having one rule for each user using the "uid" directive.
>
> Thanks for your precious help.
> Regards,
> Carl