Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 26 Feb 2007 15:33:26 +0100
From:      "Nikola Stojanoski" <nikola@vlaeonline.com>
To:        "Jordi Moles" <jordi@cdmon.com>, <freebsd-ipfw@freebsd.org>
Subject:   Re: ipfw along with netstat
Message-ID:  <001401c759b3$1c169ad0$02170a0a@Nikola>
References:  <45E2AA23.3020901@cdmon.com>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
you can use limit for that. here is the part about limit in ipfw manual:

     limit {src-addr | src-port | dst-addr | dst-port} N
             The firewall will only allow N connections with the same set of
             parameters as specified in the rule.  One or more of source and
             destination addresses and ports can be specified.

so a simple way to limit max connections per ip is:

ipfw add allow ip from any to any limit src-addr 100

this way you will limiit yourself also with 100 connections per ip, but you 
can play around with recv, xmit, via and other settings to fit your needs

Regards

----- Original Message ----- 
From: "Jordi Moles" <jordi@cdmon.com>
To: <freebsd-ipfw@freebsd.org>
Sent: Monday, February 26, 2007 10:36 AM
Subject: ipfw along with netstat


> hi,
>
> I've done a lot of research about that but found anything like i need. I'm 
> running an ipfw firewall on a FreeBSD 6.1 and i wonder if ipfw can add 
> rules automatically when it detects, for example, that an ip address has 
> 100 connections open in the server. I'm doing a similar thing with a perl 
> script and netstat. The script counts how many connections an ip address 
> opened and it automatically adds a new rule to the firewall, but I'm 
> looking for a way in which ipfw does that on its own.
>
> thank you.
> _______________________________________________
> freebsd-ipfw@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" 




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?001401c759b3$1c169ad0$02170a0a>