From owner-freebsd-ipfw@FreeBSD.ORG Tue Feb 27 16:02:38 2007
Return-Path:
X-Original-To: freebsd-ipfw@freebsd.org
Delivered-To: freebsd-ipfw@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id B15F316A417
	for ; Tue, 27 Feb 2007 16:02:38 +0000 (UTC)
	(envelope-from jordi@cdmon.com)
Received: from smtp01.cdmon.com (smtp01.cdmon.com [86.109.99.230])
	by mx1.freebsd.org (Postfix) with ESMTP id 6D9B113C441
	for ; Tue, 27 Feb 2007 16:02:38 +0000 (UTC)
	(envelope-from jordi@cdmon.com)
Received: from [192.168.0.174] (62.Red-217-126-43.staticIP.rima-tde.net [217.126.43.62])
	by smtp01.cdmon.com (Postfix) with ESMTP id 35E81F8255;
	Tue, 27 Feb 2007 17:02:40 +0100 (CET)
Message-ID: <45E45632.40304@cdmon.com>
Date: Tue, 27 Feb 2007 17:02:58 +0100
From: Jordi Moles
User-Agent: Mozilla Thunderbird 1.5.0.9 (X11/20061206)
MIME-Version: 1.0
To: Nikola Stojanoski
References: <45E2AA23.3020901@cdmon.com> <001401c759b3$1c169ad0$02170a0a@Nikola>
In-Reply-To: <001401c759b3$1c169ad0$02170a0a@Nikola>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-ipfw@freebsd.org
Subject: Re: ipfw along with netstat
X-BeenThere: freebsd-ipfw@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: IPFW Technical Discussions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Tue, 27 Feb 2007 16:02:38 -0000

Hi,

thanks for the information, it works great!!

I've got another question related to this... how does ipfw actually
count the number of IP addresses? I mean... let's say I set up the
firewall to only accept 50 connections. Does it count 50 connections
per second? 50 during a minute? Or what?

Thanks.

Nikola Stojanoski wrote:
> You can use limit for that. Here is the part about limit in the ipfw manual:
>
>     limit {src-addr | src-port | dst-addr | dst-port} N
>             The firewall will only allow N connections with the same set of
>             parameters as specified in the rule.  One or more of source and
>             destination addresses and ports can be specified.
>
> So a simple way to limit max connections per IP is:
>
>     ipfw add allow ip from any to any limit src-addr 100
>
> This way you will limit yourself also with 100 connections per IP,
> but you can play around with recv, xmit, via and other settings to fit
> your needs.
>
> Regards
>
> ----- Original Message ----- From: "Jordi Moles"
> To:
> Sent: Monday, February 26, 2007 10:36 AM
> Subject: ipfw along with netstat
>
>
>> Hi,
>>
>> I've done a lot of research about that but haven't found anything like I
>> need. I'm running an ipfw firewall on a FreeBSD 6.1 and I wonder if
>> ipfw can add rules automatically when it detects, for example, that
>> an IP address has 100 connections open in the server. I'm doing a
>> similar thing with a Perl script and netstat. The script counts how
>> many connections an IP address opened and it automatically adds a new
>> rule to the firewall, but I'm looking for a way in which ipfw does
>> that on its own.
>>
>> Thank you.
>> _______________________________________________
>> freebsd-ipfw@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
>> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org"
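
Added example, not part of the original thread or of ipfw itself: a shell version of the per-address connection count the thread describes doing with netstat. The quantity counted is connections open at the same moment per source, which is also what ipfw's `limit` tracks (live dynamic rules), not a per-second or per-minute rate. The function names, the FreeBSD `netstat -an -p tcp` column layout and the sample addresses are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: count concurrent TCP connections per remote address from
# FreeBSD-style `netstat -an -p tcp` output (addresses print as ip.port).

# Constructed sample input; documentation address ranges, not real hosts.
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.80          198.51.100.7.51234     ESTABLISHED
tcp4       0      0  192.0.2.10.80          198.51.100.7.51235     ESTABLISHED
tcp4       0      0  192.0.2.10.80          198.51.100.7.51236     ESTABLISHED
tcp4       0      0  192.0.2.10.80          198.51.100.7.51237     TIME_WAIT
tcp4       0      0  192.0.2.10.80          203.0.113.9.40000      ESTABLISHED
tcp6       0      0  2001:db8::10.80        2001:db8::99.40001     ESTABLISHED
tcp6       0      0  2001:db8::10.80        2001:db8::99.40002     ESTABLISHED
tcp4       0      0  *.80                   *.*                    LISTEN
EOF
}

# Print "<count> <remote-ip>" for every remote address, busiest first.
# Only ESTABLISHED sockets are counted; LISTEN, TIME_WAIT etc. are skipped.
conns_per_ip() {
    awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
             ip = $5
             sub(/\.[0-9]+$/, "", ip)   # strip the trailing ".port"
             n[ip]++
         }
         END { for (ip in n) print n[ip], ip }' | sort -k1,1nr -k2,2
}

# Print the remote addresses that currently hold at least $1 open
# connections, i.e. sources that have reached a cap of $1.
at_limit() {
    conns_per_ip | awk -v max="$1" '$1 >= max { print $2 }'
}

# Stand-alone run: show the per-address counts for the sample.
sample_netstat | conns_per_ip
```

On a live host, pipe `netstat -an -p tcp` into `conns_per_ip` in place of `sample_netstat`. The netstat count is only an approximation of ipfw's own state table, which can be listed with `ipfw -d show`.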