Date: Sun, 5 Jun 2005 20:36:11 +0200
From: Riccardo Giuntoli <taglio@gmail.com>
To: Giorgos Keramidas <keramida@freebsd.org>
Cc: freebsd-stable@freebsd.org, freebsd-questions@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: limit number of tcp connection for a GID
Message-ID: <31fbaca905060511367d24e3ec@mail.gmail.com>
In-Reply-To: <20050605181315.GE16327@gothmog.gr>
References: <31fbaca905060510563c64eb49@mail.gmail.com> <20050605181315.GE16327@gothmog.gr>
On 6/5/05, Giorgos Keramidas <keramida@freebsd.org> wrote:
...
> I'm not sure if pf does this already.  Even if it doesn't though,
> it may be possible to write a transparent proxy that limits the
> connections per uid/gid.  The support for transparent proxies in
> pf is awesome :-)

I've found this on pf.conf(5) manpage:

STATEFUL TRACKING OPTIONS
     All three of keep state, modulate state and synproxy state support the
     following options:

     max _number_
           Limits the number of concurrent states the rule may create.  When
           this limit is reached, further packets matching the rule that would
           create state are dropped, until existing states time out.

Thank you Giorgos

Bye

-- 
Name: Riccardo Giuntoli
Email: taglio@gmail.com
Homepage: http://www.luxoro.org/
Location: Genova, Italy
6BONE Handle: RG581-6BONE
PGP Key: 0x67123739
PGP Fingerprint: CE75 16B5 D855 842F AB54 FB5C DDC6 4640 6712 3739
Key server: hkp://wwwkeys.eu.pgp.net
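
The `max` option quoted above, applied to the thread's question of limiting TCP connections for a GID. This pf.conf fragment is an added example, not part of the original message; the interface name, gid and limit are assumed values.

```conf
# Added example, not from the original message. Assumed values:
# interface em0, gid 1001, limit of 50 concurrent states.
ext_if = "em0"

# Everyone else: ordinary stateful outbound TCP, no cap.
pass out on $ext_if proto tcp all flags S/SA keep state

# Sockets whose effective gid is 1001: pf uses the last matching rule,
# so this later rule wins for them. Once it holds 50 states, further
# SYNs matching it are dropped until existing states time out.
pass out on $ext_if proto tcp all group 1001 flags S/SA keep state (max 50)
```

The limit is per rule, not per process or per destination, and `group` matches only sockets on the firewall host itself, so forwarded traffic is unaffected. `pfctl -nf /etc/pf.conf` parses the file without loading it, and `pfctl -vsr` shows each rule's current state count.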