Date: Tue, 03 Aug 2004 14:50:14 GMT
From: Mark <admin@asarian-host.net>
To: <freebsd-questions@freebsd.org>
Subject: Re: One OR MORE of source and destination addresses?
Message-ID: <200408031450.I73EOEAV035230@asarian-host.net>
References: <MIEPLLIBMLEEABPDBIEGEEFFGIAA.Barbish3@adelphia.net> <200408021816.I72IGEB4020395@asarian-host.net>
Mark wrote:

> The goal is simple: I want to limit connections to port 25 to 32 in
> total, targeted at "me". And of those 32, only 4 per source. Like so:
>
> ipfw add 1 check-state
> ...
> ipfw add 11 allow tcp from any to me 25 setup limit dst-addr 32
> ipfw add 12 allow tcp from any to me 25 setup limit src-addr 4
>
> Please, tell me then how "all wrong" this is. Because I *still* get
> the impression that rule 12 is never reached. And, so far, "ipfw
> show" does, indeed, only show activity on rule 11.

If at all possible, I would still like to hear a suggestion as to how to
combine the two rules. From my pov, the first "allow" in rule 11 makes a
packet pass, provided there are less than 32 connections in total. Thus,
rule 12 never gets invoked (which, indeed, seems to be the case).

Someone suggested to me I was at fault for numbering the rules. Quite
frankly, that does not compute to me, as ipfw autonumbers anyway (in
default steps of 100, I believe).

Seriously, I do not mind hearing how "all wrong" my rules are; but, at the
same time, I have not heard a proper way of doing this.

I appreciate suggestions,

- Mark
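The following is an added illustration written for this archive page; it is not code from the thread and not ipfw itself. It is a toy model of the first-match evaluation the post describes, with two `limit` rules of the kind shown above. Two semantics are assumed in the model (they match how I read ipfw(8) and the dynamic-rule code, but they are assumptions here): the first rule whose match part applies decides the packet and evaluation stops, and an `allow ... setup limit KEY N` rule drops the packet, rather than falling through, once N dynamic entries with the same KEY value exist. Only SYN ("setup") packets are modelled, since that is all the two rules see; check-state and established flows are left out. The traffic (ten SYNs from one host, then forty from distinct hosts) is constructed sample input.

```python
"""Toy model of ipfw first-match evaluation with two `limit` rules.

Added illustration, not code from the mailing-list thread and not ipfw.
Assumed semantics:
  * rules are tried in ascending rule-number order; the first rule whose
    match part applies decides the packet and evaluation stops;
  * `allow ... setup limit KEY N` matches TCP SYNs to the given port; it
    allows the packet and records a dynamic state keyed on KEY, unless N
    states with that KEY value already exist, in which case the packet
    is dropped and evaluation still stops at that rule.
"""
from collections import Counter


class LimitRule:
    """Models `ipfw add NUM allow tcp from any to me DPORT setup limit KEY N`."""

    def __init__(self, number, dport, key, limit):
        self.number = number
        self.dport = dport
        self.key = key            # "src-addr" or "dst-addr"
        self.limit = limit
        self.states = Counter()   # dynamic entries per key value
        self.allowed = 0          # packets this rule passed
        self.dropped = 0          # packets this rule dropped (limit hit)

    def matches(self, pkt):
        return (pkt["proto"] == "tcp" and pkt["dst"] == "me"
                and pkt["dport"] == self.dport and pkt["syn"])

    def apply(self, pkt):
        value = pkt["src"] if self.key == "src-addr" else pkt["dst"]
        if self.states[value] >= self.limit:
            self.dropped += 1
            return "drop"
        self.states[value] += 1
        self.allowed += 1
        return "allow"


def evaluate(ruleset, pkt):
    """Return (rule number, verdict) from the first matching rule."""
    for rule in ruleset:
        if rule.matches(pkt):
            return rule.number, rule.apply(pkt)
    return None, "default-deny"   # assumption: kernel built default-to-deny


def syn(src):
    """Constructed sample packet: a TCP SYN from `src` to port 25 on 'me'."""
    return {"proto": "tcp", "src": src, "dst": "me", "dport": 25, "syn": True}


def run(ruleset, packets):
    """Feed packets through the ruleset; return per-rule allow/drop counts."""
    for pkt in packets:
        evaluate(ruleset, pkt)
    return {r.number: {"allowed": r.allowed, "dropped": r.dropped}
            for r in ruleset}


def mark_ruleset():
    """Rules 11 and 12 from the post (rule 1, check-state, is not modelled)."""
    return [LimitRule(11, 25, "dst-addr", 32), LimitRule(12, 25, "src-addr", 4)]


def sample_traffic():
    """Constructed: 10 SYNs from one host, then 40 SYNs from distinct hosts."""
    return [syn("10.0.0.1")] * 10 + [syn("10.0.1.%d" % i) for i in range(40)]


if __name__ == "__main__":
    # Rule 11 first: every SYN is decided there (32 allowed, 18 dropped);
    # rule 12 is never consulted, so the per-source limit of 4 never applies.
    print(run(mark_ruleset(), sample_traffic()))
    # Rule 12 first: the one noisy host is cut to 4, but rule 11 is now the
    # unreachable one, so the total of 32 is never enforced.
    print(run(list(reversed(mark_ruleset())), sample_traffic()))
```

Whichever `limit` rule comes first is the only one that ever fires under this model, so re-ordering the two rules swaps which limit is enforced rather than combining them.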