Date:      Tue, 27 Feb 2007 17:02:58 +0100
From:      Jordi Moles <jordi@cdmon.com>
To:        Nikola Stojanoski <nikola@vlaeonline.com>
Cc:        freebsd-ipfw@freebsd.org
Subject:   Re: ipfw along with netstat
Message-ID:  <45E45632.40304@cdmon.com>
In-Reply-To: <001401c759b3$1c169ad0$02170a0a@Nikola>
References:  <45E2AA23.3020901@cdmon.com> <001401c759b3$1c169ad0$02170a0a@Nikola>

hi,

thanks for the information, it works great!!

I've got another question related to this... how does ipfw actually 
count the number of IP addresses? I mean... let's say I set up the 
firewall to only accept 50 connections. Does it count 50 connections 
per second? 50 during a minute? Or what?

thanks.

Nikola Stojanoski wrote:
> You can use limit for that. Here is the part about limit in the ipfw manual:
>
>     limit {src-addr | src-port | dst-addr | dst-port} N
>             The firewall will only allow N connections with the same set of
>             parameters as specified in the rule.  One or more of source and
>             destination addresses and ports can be specified.
>
> So a simple way to limit max connections per IP is:
>
> ipfw add allow ip from any to any limit src-addr 100
>
> This way you will also limit yourself to 100 connections per IP, 
> but you can play around with recv, xmit, via and other settings to fit 
> your needs.
>
> Regards
>
> ----- Original Message ----- From: "Jordi Moles" <jordi@cdmon.com>
> To: <freebsd-ipfw@freebsd.org>
> Sent: Monday, February 26, 2007 10:36 AM
> Subject: ipfw along with netstat
>
>
>> hi,
>>
>> I've done a lot of research about that but haven't found anything like 
>> what I need. I'm running an ipfw firewall on FreeBSD 6.1 and I wonder if 
>> ipfw can add rules automatically when it detects, for example, that 
>> an IP address has 100 connections open on the server. I'm doing a 
>> similar thing with a Perl script and netstat. The script counts how 
>> many connections an IP address has opened and automatically adds a new 
>> rule to the firewall, but I'm looking for a way in which ipfw does 
>> that on its own.
>>
>> thank you.
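
The netstat-based counting mentioned in the original question, as an added example that is not part of the thread and is not the poster's Perl script: it reports remote addresses holding more than N established TCP connections in one snapshot. The function names `sample_netstat` and `over_limit` are hypothetical, the sample output is constructed, and the parser assumes the FreeBSD `netstat -an` layout in which the port is appended to the address after a dot.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `netstat -an -p tcp` output. All addresses
# are from documentation ranges, not real hosts.
sample_netstat() {
cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.0.2.10.80          203.0.113.5.51234      ESTABLISHED
tcp4       0      0  192.0.2.10.80          203.0.113.5.51235      ESTABLISHED
tcp4       0      0  192.0.2.10.80          203.0.113.5.51236      ESTABLISHED
tcp4       0      0  192.0.2.10.80          198.51.100.7.40000     ESTABLISHED
tcp4       0      0  192.0.2.10.80          198.51.100.7.40001     TIME_WAIT
tcp4       0      0  *.80                   *.*                    LISTEN
tcp6       0      0  2001:db8::10.80        2001:db8::99.50000     ESTABLISHED
EOF
}

# over_limit N: read netstat output on stdin and print "count address" for
# every remote address with more than N ESTABLISHED TCP connections.
# This is a snapshot of connections open right now, not a rate over time.
over_limit() {
    awk -v max="$1" '
        # Only TCP rows in ESTABLISHED state; skips headers, LISTEN, TIME_WAIT.
        $1 ~ /^tcp/ && $NF == "ESTABLISHED" {
            addr = $5
            sub(/\.[0-9]+$/, "", addr)   # strip the trailing ".port"
            count[addr]++
        }
        END {
            for (a in count)
                if (count[a] > max) print count[a], a
        }' | sort -rn
}

# On a live host: netstat -an -p tcp | over_limit 100
sample_netstat | over_limit 2
```
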
