Date: Wed, 14 Jan 2004 09:47:17 -0500
From: Dan Pelleg <daniel+bsd@pelleg.org>
To: fbsd_user@a1poweruser.com
Cc: "freebsd-questions@FreeBSD. ORG" <freebsd-questions@FreeBSD.ORG>
Subject: Re: IPFW 'keep state' & 'limit'
Message-ID: <u2s4quya8p6.fsf@pelleg.org>
In-Reply-To: <MIEPLLIBMLEEABPDBIEGCEEJFEAA.fbsd_user@a1poweruser.com> (fbsd user's message of "Tue, 13 Jan 2004 21:39:43 -0500")
References: <MIEPLLIBMLEEABPDBIEGCEEJFEAA.fbsd_user@a1poweruser.com>

"fbsd_user" <fbsd_user@a1poweruser.com> writes:

> Reading the man page on IPFW rule syntax, I get the impression that
> the 'limit' option uses the stateful dynamic rules table. But it's
> unclear whether 'keep state' and limit can be used on the same rule,
> or if the limit option performs the 'keep state' function in
> addition to the limit function.
>
> So as an example
>
> $cmd 00390 allow tcp from any to any 22 in via dc0 setup keep-state
> limit src-addr 3
>
> will this work?
>

limit implies keep-state, and you should really specify one or the
other. If you specify both, ipfw won't complain, but ipfw2 will. So
it's best to not do that.

-- 
Dan Pelleg
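An added example, not part of the original message or of ipfw itself: a small sh check that scans a ruleset script before it is loaded and reports every rule carrying both keep-state and limit, the combination the reply above advises against. The function names and the sample ruleset are constructed for illustration; the sample reuses the rule quoted in the thread.

```shell
#!/bin/sh
# Added example: lint an ipfw ruleset script for rules that combine
# keep-state with limit (limit already implies keep-state).

# Constructed sample ruleset, in the style of the rule quoted in the thread.
sample_rules() {
cat <<'EOF'
cmd="ipfw -q add"
# ssh, at most 3 connections per source address
$cmd 00390 allow tcp from any to any 22 in via dc0 setup keep-state \
    limit src-addr 3
$cmd 00400 allow tcp from any to any 80 in via dc0 setup limit src-addr 10
$cmd 00410 allow udp from any to any 53 out via dc0 keep-state
EOF
}

# lint_ipfw_rules: read a ruleset on stdin, print each offending rule on
# one line, and return 1 if any rule uses both options (0 otherwise).
lint_ipfw_rules() {
    awk '
        { sub(/#.*/, "") }                       # strip comments
        /\\[ \t]*$/ {                            # backslash continuation:
            sub(/\\[ \t]*$/, " ")                # join with the next line
            buf = buf $0
            next
        }
        { line = buf $0; buf = "" }              # one complete logical rule
        line ~ /(^|[ \t])keep-state([ \t]|$)/ &&
        line ~ /(^|[ \t])limit[ \t]+(src-addr|src-port|dst-addr|dst-port)/ {
            gsub(/[ \t]+/, " ", line)            # squeeze whitespace
            sub(/^ /, "", line)
            print line
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Stand-alone run over the constructed sample.
sample_rules | lint_ipfw_rules ||
    echo "drop keep-state from the rules above: limit already implies it"
```

Dropping `keep-state` from rule 00390 and keeping `limit src-addr 3` makes the sample pass the check.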