Date: Mon, 2 Aug 2004 11:47:52 -0400 From: "JJB" <Barbish3@adelphia.net> To: "Mark" <admin@asarian-host.net>, <freebsd-questions@freebsd.org> Subject: RE: One OR MORE of source and destination addresses? Message-ID: <MIEPLLIBMLEEABPDBIEGIEFDGIAA.Barbish3@adelphia.net> In-Reply-To: <200408021534.I72FY1AM004596@asarian-host.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Like the manual says, you can not code both options on single rule.
You have to make 2 rules out of it.
state ipfw add allow tcp from any to me 25 setup limit dst-addr 32
state ipfw add allow tcp from any to me 25 setup limit src-addr 8
-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Mark
Sent: Monday, August 02, 2004 11:34 AM
To: freebsd-questions@freebsd.org
Subject: One OR MORE of source and destination addresses?
Color me confused. The ipfw manual says:
limit {src-addr | src-port | dst-addr | dst-port} N
The firewall will only allow N connections with the same set of
parameters as specified in the rule. One or more of source and
destination addresses and ports can be specified.
If "One or more of source and destination addresses and ports can be
specified", then I'd like to limit both the total amount of
connections, as
well as per-src. Something like this:
ipfw check-state ipfw add allow tcp from any to me 25 setup limit
dst-addr
32 src-addr 8
The error I get is:
"ipfw: only one of keep-state and limit is allowed"
So, how can I specify "One OR MORE of source and destination
addresses" in
the rule to achieve this effect?
Thanks,
- Mark
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?MIEPLLIBMLEEABPDBIEGIEFDGIAA.Barbish3>