Date:      Wed, 6 Jun 2007 13:55:25 +0300
From:      Nikos Vassiliadis <nvass@teledomenet.gr>
To:        freebsd-questions@freebsd.org
Cc:        Freminlins <freminlins@gmail.com>
Subject:   Re: ipfw - limit other networks
Message-ID:  <200706061355.26438.nvass@teledomenet.gr>
In-Reply-To: <eeef1a4c0706060315i2bac1443w2acb0e29dd46652f@mail.gmail.com>
References:  <eeef1a4c0706060315i2bac1443w2acb0e29dd46652f@mail.gmail.com>

On Wednesday 06 June 2007 13:15, Freminlins wrote:
> Hi,
>
> I am trying to limit the number of connections from "foreign" networks
> to a server. I don't want to limit bandwidth, just the number of
> connections. Let's say I have a network 192.168.1.0/24. I want to allow
> 192.168.2.0/24 to have at most 50 connections. I want to allow
> 192.168.3.0/24 to have 20 connections. And so on. Is this even possible?
> Some applications can do this but I would prefer to do this at the
> network level.

Yes, it is possible. The keyword is 'limit'. From the ipfw manual:

limit {src-addr | src-port | dst-addr | dst-port} N
      The firewall will only allow N connections with the same set of
      parameters as specified in the rule.  One or more of source and
      destination addresses and ports can be specified.  Currently,
      only IPv4 flows are supported.

HTH, Nikos
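
An added example (not part of the message above or of the ipfw manual) that applies the `limit` keyword to the two networks in the question. Since `limit src-addr N` counts connections per individual source address, it uses `limit dst-addr N` toward a single server address so that each rule's counter is shared by the whole source network. The server address 192.168.1.10, the rule numbers and the dry-run `IPFW` variable are assumptions.

```shell
#!/bin/sh
# Per-network TCP connection caps with ipfw "limit" (added example).
# Dry run by default: prints the commands. Set IPFW=/sbin/ipfw to apply them.
IPFW="${IPFW:-echo ipfw}"

SERVER="192.168.1.10"                         # assumed server address
LIMITS="192.168.2.0/24:50 192.168.3.0/24:20"  # network:max pairs from the question

build_rules() {
    # Packets of connections already admitted match their dynamic rule here.
    $IPFW add 900 check-state

    rule=1000
    for entry in $LIMITS; do
        net=${entry%:*}   # part before the colon, e.g. 192.168.2.0/24
        max=${entry#*:}   # part after the colon, e.g. 50

        # "limit dst-addr" groups flows by destination address. With one
        # destination, every connection admitted by this rule shares a single
        # counter, so the cap applies to the network as a whole.
        $IPFW add "$rule" allow tcp from "$net" to "$SERVER" setup limit dst-addr "$max"

        # A SYN arriving once the counter is full does not match the rule
        # above; it falls through to this one and is refused.
        $IPFW add "$((rule + 1))" deny tcp from "$net" to "$SERVER" setup

        rule=$((rule + 10))
    done
}

build_rules
```

On a live host, `ipfw -d show` lists the dynamic rules, which shows how many connections each limit rule currently holds.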


