From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 18 10:36:39 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A990816A401 for ; Tue, 18 Apr 2006 10:36:39 +0000 (UTC) (envelope-from neca@boox.co.yu) Received: from server.boox.co.yu (server.boox.co.yu [194.247.202.226]) by mx1.FreeBSD.org (Postfix) with SMTP id 297CF43D53 for ; Tue, 18 Apr 2006 10:36:37 +0000 (GMT) (envelope-from neca@boox.co.yu) Received: (qmail 1892 invoked by uid 0); 18 Apr 2006 10:14:11 -0000 Received: from neca.boox.co.yu (HELO ?194.247.202.241?) (194.247.202.241) by server.boox.co.yu with SMTP; 18 Apr 2006 10:14:11 -0000 Message-ID: <4444C12F.9060100@boox.co.yu> Date: Tue, 18 Apr 2006 12:36:31 +0200 From: Nenad Gavrilovic User-Agent: Mozilla Thunderbird 1.0.7 (Windows/20050923) X-Accept-Language: en-us, en MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 8bit Subject: In-Kernel NAT and stateful firewall X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2006 10:36:39 -0000 First, Thank You for Your work on NAT in-kernel. I have test PC and some time to test it. I have some problem to install. I add “#define IP_FW_TABLEARG 65535” in libalias/ipfw2-6/kld/ip_fw.h. Also test_ipfw_nat.sh stop in some ipfw command. I use FreeBSD 6.1-PRERELEASE. I have a question. How to use ipfw nat with or without keep-state? I successfully use ipfw nat without keep-state :(. But, I wont stateful firewall!!! Can You send me some example for ipfw nat with keep-state and check-state. Thanks, Nenad Gavrilovic From owner-freebsd-ipfw@FreeBSD.ORG Tue Apr 18 12:43:53 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A6F1316A401 for ; Tue, 18 Apr 2006 12:43:53 +0000 (UTC) (envelope-from linux@giboia.org) Received: from adriana.dilk.com.br (adriana.dilk.com.br [200.250.23.1]) by mx1.FreeBSD.org (Postfix) with SMTP id 50DB443D55 for ; Tue, 18 Apr 2006 12:43:51 +0000 (GMT) (envelope-from linux@giboia.org) Received: (qmail 41014 invoked by uid 98); 18 Apr 2006 12:43:56 -0000 Received: from 10.0.0.95 by lda.dilk.com.br (envelope-from , uid 82) with qmail-scanner-1.25-st-qms (uvscan: v4.4.00/v4545. perlscan: 1.25-st-qms. Clear:RC:1(10.0.0.95):. Processed in 0.0249 secs); 18 Apr 2006 12:43:56 -0000 Received: from unknown (HELO giboia) (linux@giboia.org@10.0.0.95) by adriana.dilk.com.br with SMTP; 18 Apr 2006 12:43:56 -0000 Date: Tue, 18 Apr 2006 09:47:15 -0300 From: Gilberto Villani Brito To: freebsd-ipfw@freebsd.org Message-ID: <20060418094715.043ce560@giboia> In-Reply-To: <20060412214619.GT9364@elvis.mu.org> References: <20060411092932.42148fd8@giboia> <20060412214619.GT9364@elvis.mu.org> X-Mailer: Sylpheed-Claws 1.0.4 (GTK+ 1.2.10; i586-mandriva-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Subject: Re: Load-balancing X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2006 12:43:53 -0000 Hi, thanks for help, but I read many thinks about fwd and anything works. I would like know if I put: # ipfw add fwd 200.x.x.2 ip from any to any and trace route to somewhere, it is passed through GW1 (200.x.x.1) and not through GW2 (200.x.x.2). This is the why I posted here. Gilberto On Wed, 12 Apr 2006 14:46:19 -0700 Bill Fumerola wrote: > On Tue, Apr 11, 2006 at 09:29:32AM -0300, Gilberto Villani Brito wrote: > > I would make load-balancing using ipfw, but I have 2 routers in the same interface: > > > > FreeBSD (200.xxx.xxx.3) -------> GW1 (200.xxx.xxx.1) (63%) > > |--> GW2 (200.xxx.xxx.2) (33%) > > > > How can I make load-balancing using ipfw??? > > > > I'm using pf (pass out on em0 route-to (em0 200.xxx.xxx.2) round-robin from any to any keep state probability 33%), but I would like use just one firewall. > > the same concept you're using applies to ipfw: > > # ipfw add prob 0.33 fwd 200.x.x.2 ip from any to any > > or if you have multiple interfaces: > > # ipfw add prob 0.33 fwd 200.x.x.2 ip from any to any xmit em0 > > any laziness-induced syntax errors i've made notwithstanding those should > work fine. remember to compile IPFIREWALL_FORWARD and enable ip forwarding. > > -- bill > > > _______________________________________________ > freebsd-ipfw@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw > To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe@freebsd.org" > From owner-freebsd-ipfw@FreeBSD.ORG Thu Apr 20 07:07:01 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D333C16A403 for ; Thu, 20 Apr 2006 07:07:01 +0000 (UTC) (envelope-from ari@suutari.iki.fi) Received: from espresso2.syncrontech.com (sync-old.syncrontech.com [213.28.98.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 11FFA43D45 for ; Thu, 20 Apr 2006 07:06:57 +0000 (GMT) (envelope-from ari@suutari.iki.fi) Received: from guinness.syncrontech.com (guinness.syncrontech.com [62.71.8.57]) by espresso2.syncrontech.com (8.12.11/8.12.11) with ESMTP id k3K76kZ0083701 for ; Thu, 20 Apr 2006 10:06:47 +0300 (EEST) (envelope-from ari@suutari.iki.fi) Received: from [192.168.5.102] (coffee.syncrontech.com [192.168.5.102]) by guinness.syncrontech.com (8.13.4/8.13.4) with ESMTP id k3K76buU047893 for ; Thu, 20 Apr 2006 10:06:46 +0300 (EEST) (envelope-from ari@suutari.iki.fi) Message-ID: <444732F8.4040006@suutari.iki.fi> Date: Thu, 20 Apr 2006 10:06:32 +0300 From: Ari Suutari User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: freebsd-ipfw@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: Getting kern/82724 (ipfw defaultroute/setnexthop) committed X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2006 07:07:01 -0000 Hi, I have now been running two firewalls with patch included in kern/82724 since the pr was created (since june, 2005). Works ok, not a single panic or other problem. I'm now looking for updating to newer FreeBSD and found out that this hasn't been committed to cvs yet. Could someone with commit prileges and responsible for this area (ie. ipfw) handle it ? The code was already reviewed by Luigi Rizzo, but I guess he has been busy with other things. I really need this patch to implement policy routing on a firewall with two DSL lines. Ari S. From owner-freebsd-ipfw@FreeBSD.ORG Thu Apr 20 12:59:36 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 894C116A403 for ; Thu, 20 Apr 2006 12:59:36 +0000 (UTC) (envelope-from dmitry@atlantis.dp.ua) Received: from postman.atlantis.dp.ua (postman.atlantis.dp.ua [193.108.47.1]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4362D43D45 for ; Thu, 20 Apr 2006 12:59:33 +0000 (GMT) (envelope-from dmitry@atlantis.dp.ua) Received: from smtp.atlantis.dp.ua (smtp.atlantis.dp.ua [193.108.46.231]) by postman.atlantis.dp.ua (8.13.1/8.13.1) with ESMTP id k3KCxEUe007496; Thu, 20 Apr 2006 15:59:14 +0300 (EEST) (envelope-from dmitry@atlantis.dp.ua) Date: Thu, 20 Apr 2006 15:59:14 +0300 (EEST) From: Dmitry Pryanishnikov To: Ari Suutari In-Reply-To: <444732F8.4040006@suutari.iki.fi> Message-ID: <20060420154345.E79546@atlantis.atlantis.dp.ua> References: <444732F8.4040006@suutari.iki.fi> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed Cc: freebsd-ipfw@freebsd.org Subject: Re: Getting kern/82724 (ipfw defaultroute/setnexthop) committed X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2006 12:59:36 -0000 Hello! On Thu, 20 Apr 2006, Ari Suutari wrote: > I have now been running two firewalls with > patch included in kern/82724 since the pr was > created (since june, 2005). Works ok, not a single panic > or other problem. I also think that both 'setnexthop' and 'defaultroute' are very useful missing features. I'd even say that they are more significant omissions that ignored "in/out/via any" (kern/95084). I'd like to see both of PRs commited. It's really hard, e.g., to count and shape overall traffic via interface if you're forwarding it there via several 'fwd' actions w/o having 'setnexthop'. I have just one question about 'setnexthop': does it actualize xmit interface name? E.g., say packet was originally routed via interface ed0, but we've forwarded it out via fxp0: 00100 fwd $fxp_gw all from $user to any out via ed0 00150 count all from any to any out via fxp0 Will our packet match 150th rule? I really hope so, otherwise it isn't so useful as it could be. Haven't checked it myself, but from the quick look over the patch I'm afraid it doesn't change xmit interface name. Sincerely, Dmitry -- Atlantis ISP, System Administrator e-mail: dmitry@atlantis.dp.ua nic-hdl: LYNX-RIPE From owner-freebsd-ipfw@FreeBSD.ORG Thu Apr 20 19:20:28 2006 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 70AF716A40F for ; Thu, 20 Apr 2006 19:20:28 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7778243D6D for ; Thu, 20 Apr 2006 19:20:20 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k3KJKKLs085620 for ; Thu, 20 Apr 2006 19:20:20 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k3KJKKA4085619; Thu, 20 Apr 2006 19:20:20 GMT (envelope-from gnats) Date: Thu, 20 Apr 2006 19:20:20 GMT Message-Id: <200604201920.k3KJKKA4085619@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Alex de Kruijff Cc: Subject: Re: kern/63724 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Alex de Kruijff List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2006 19:20:28 -0000 The following reply was made to PR kern/63724; it has been noted by GNATS. From: Alex de Kruijff To: Maxim Konovalov Cc: bug-followup@freebsd.org Subject: Re: kern/63724 Date: Sun, 16 Apr 2006 00:42:00 +0200 Maxim, On Fri, Apr 14, 2006 at 01:05:01AM +0400, Maxim Konovalov wrote: > ipfw rule #31600 counters show packets just do not reach it and all > subsequent rules. Its was not a problem with the ruleset. I used the same ruleset on 4.9 as on 5.2. The ruleset also worked when I replaced the queues with pipes. I failed to report that one needs to run 'net.inet.ip.fw.one_pass=0'. > We need the whole ipfw ruleset. I beleave I tested this test case. Did these rules work for you under 5.2 or 5.x? If so you can just close it. As for the counters I could have simply types 'ipfw z; ipfw sh'. Did the test case worked fine for you? Under 5.2? > Can you check the problem persists in recent FreeBSD releases? It works under 6.x. (both 6.0 as 6.1) I don't have a box with 5.x. -- Alex From owner-freebsd-ipfw@FreeBSD.ORG Thu Apr 20 20:00:39 2006 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D668F16A400 for ; Thu, 20 Apr 2006 20:00:39 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9862543D70 for ; Thu, 20 Apr 2006 20:00:35 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k3KK0Zn2088896 for ; Thu, 20 Apr 2006 20:00:35 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k3KK0Zxk088895; Thu, 20 Apr 2006 20:00:35 GMT (envelope-from gnats) Date: Thu, 20 Apr 2006 20:00:35 GMT Message-Id: <200604202000.k3KK0Zxk088895@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Maxim Konovalov Cc: Subject: Re: kern/63724 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Maxim Konovalov List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2006 20:00:39 -0000 The following reply was made to PR kern/63724; it has been noted by GNATS. From: Maxim Konovalov To: akruijff@dds.nl Cc: bug-followup@freebsd.org Subject: Re: kern/63724 Date: Thu, 20 Apr 2006 23:56:54 +0400 (MSD) On Sun, 16 Apr 2006, 00:42+0200, Alex de Kruijff wrote: > Maxim, > > On Fri, Apr 14, 2006 at 01:05:01AM +0400, Maxim Konovalov wrote: > > ipfw rule #31600 counters show packets just do not reach it and all > > subsequent rules. > > Its was not a problem with the ruleset. I used the same ruleset on 4.9 > as on 5.2. The ruleset also worked when I replaced the queues with > pipes. I failed to report that one needs to run > 'net.inet.ip.fw.one_pass=0'. > > > We need the whole ipfw ruleset. > > I beleave I tested this test case. Did these rules work for you under > 5.2 or 5.x? If so you can just close it. > > As for the counters I could have simply types 'ipfw z; ipfw sh'. > > Did the test case worked fine for you? Under 5.2? > > > Can you check the problem persists in recent FreeBSD releases? > > It works under 6.x. (both 6.0 as 6.1) I don't have a box with 5.x. Neither do I. -- Maxim Konovalov From owner-freebsd-ipfw@FreeBSD.ORG Thu Apr 20 20:30:20 2006 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DD01216A40B for ; Thu, 20 Apr 2006 20:30:20 +0000 (UTC) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7010E43D60 for ; Thu, 20 Apr 2006 20:30:20 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k3KKUJdE090017 for ; Thu, 20 Apr 2006 20:30:19 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k3KKUJl9090016; Thu, 20 Apr 2006 20:30:19 GMT (envelope-from gnats) Date: Thu, 20 Apr 2006 20:30:19 GMT Message-Id: <200604202030.k3KKUJl9090016@freefall.freebsd.org> To: freebsd-ipfw@FreeBSD.org From: Alex de Kruijff Cc: Subject: Re: kern/63724 X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Alex de Kruijff List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 20 Apr 2006 20:30:21 -0000 The following reply was made to PR kern/63724; it has been noted by GNATS. From: Alex de Kruijff To: Maxim Konovalov Cc: bug-followup@freebsd.org Subject: Re: kern/63724 Date: Thu, 20 Apr 2006 22:23:14 +0200 On Thu, Apr 20, 2006 at 11:56:54PM +0400, Maxim Konovalov wrote: > On Sun, 16 Apr 2006, 00:42+0200, Alex de Kruijff wrote: > > Maxim, > > On Fri, Apr 14, 2006 at 01:05:01AM +0400, Maxim Konovalov wrote: > > > ipfw rule #31600 counters show packets just do not reach it and all > > > subsequent rules. > > > > Its was not a problem with the ruleset. I used the same ruleset on 4.9 > > as on 5.2. The ruleset also worked when I replaced the queues with > > pipes. I failed to report that one needs to run > > 'net.inet.ip.fw.one_pass=0'. > > > > > We need the whole ipfw ruleset. > > > > I beleave I tested this test case. Did these rules work for you under > > 5.2 or 5.x? If so you can just close it. > > > > As for the counters I could have simply types 'ipfw z; ipfw sh'. > > > > Did the test case worked fine for you? Under 5.2? > > > > > Can you check the problem persists in recent FreeBSD releases? > > > > It works under 6.x. (both 6.0 as 6.1) I don't have a box with 5.x. > > Neither do I. My hunce is that its also fixed in the later 5 releases, so I suggest closing the bug report. Tanks for you time, Alex From owner-freebsd-ipfw@FreeBSD.ORG Fri Apr 21 09:15:23 2006 Return-Path: X-Original-To: freebsd-ipfw@hub.freebsd.org Delivered-To: freebsd-ipfw@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A01A316A415; Fri, 21 Apr 2006 09:15:23 +0000 (UTC) (envelope-from maxim@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5CD6843D45; Fri, 21 Apr 2006 09:15:23 +0000 (GMT) (envelope-from maxim@FreeBSD.org) Received: from freefall.freebsd.org (maxim@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k3L9FNs7043537; Fri, 21 Apr 2006 09:15:23 GMT (envelope-from maxim@freefall.freebsd.org) Received: (from maxim@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k3L9FNEe043533; Fri, 21 Apr 2006 09:15:23 GMT (envelope-from maxim) Date: Fri, 21 Apr 2006 09:15:23 GMT From: Maxim Konovalov Message-Id: <200604210915.k3L9FNEe043533@freefall.freebsd.org> To: akruijff@dds.nl, maxim@FreeBSD.org, freebsd-ipfw@FreeBSD.org Cc: Subject: Re: kern/63724: [ipfw] IPFW2 Queues dont t work X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Apr 2006 09:15:23 -0000 Synopsis: [ipfw] IPFW2 Queues dont t work State-Changed-From-To: open->closed State-Changed-By: maxim State-Changed-When: Fri Apr 21 09:14:15 UTC 2006 State-Changed-Why: The problem does not exists in HEAD/RELENG_6. http://www.freebsd.org/cgi/query-pr.cgi?pr=63724 From owner-freebsd-ipfw@FreeBSD.ORG Sat Apr 22 19:51:10 2006 Return-Path: X-Original-To: freebsd-ipfw@freebsd.org Delivered-To: freebsd-ipfw@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3291016A400 for ; Sat, 22 Apr 2006 19:51:10 +0000 (UTC) (envelope-from vladone@spaingsm.com) Received: from mail.spaingsm.com (llwb135.servidoresdns.net [217.76.137.82]) by mx1.FreeBSD.org (Postfix) with ESMTP id C37B743D46 for ; Sat, 22 Apr 2006 19:51:08 +0000 (GMT) (envelope-from vladone@spaingsm.com) Received: from SERVER (unknown [88.158.112.6]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by mail.spaingsm.com (Postfix) with ESMTP id 9F60A24C5DA for ; Sat, 22 Apr 2006 21:26:17 +0200 (CEST) Date: Sat, 22 Apr 2006 22:51:04 +0300 From: vladone X-Mailer: The Bat! (v3.62.14) Professional X-Priority: 3 (Normal) Message-ID: <415864864.20060422225104@spaingsm.com> To: freebsd-ipfw@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Subject: about limit in ipfw rules X-BeenThere: freebsd-ipfw@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: vladone List-Id: IPFW Technical Discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Apr 2006 19:51:10 -0000 How to work this rules? ipfw add allow tcp from any to me setup limit src-addr 4 and ipfw add allow tcp from my_net to any setup limit src-addr 10