| To: | a b <tripivceta@hotmail.com> |
|---|---|
| Subject: | Re: Limit number of outgoing connections |
| From: | Darren Reed <darrenr@reed.wattle.id.au> |
| Date: | Sat, 23 Dec 2006 11:59:39 +1100 |
| Cc: | ipfilter@coombs.anu.edu.au |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | ipfilter-list@securepoint.com |
| In-reply-to: | <BAY134-F383A27CBFC34F445885DD2DCCD0@phx.gbl> |
| References: | <BAY134-F383A27CBFC34F445885DD2DCCD0@phx.gbl> |
| Reply-to: | darrenr@reed.wattle.id.au |
| Sender: | owner-ipfilter@coombs.anu.edu.au |
| User-agent: | Thunderbird 1.5.0.5 (Windows/20060719) |

a b wrote:
>> You can define a limit per-rule, like this:
>>
>> pass in proto tcp from any to any port 6881:6889 flags S keep state
>> (limit 10)
>
> Hello Darren,
>
> would you please elaborate more on the ####:#### port syntax? Must the
> (limit N) syntax be always combined with a port construct?

The limit is to do with states, not ports.

>> pass in proto tcp from any to any port 6881:6889 flags S keep state
>> pass in proto tcp from any to any port = ssh flags S keep state
>> (limit 10)
>>
>> Will *always allow* up to 10 ssh connections, even if there are 100
>> bittorrent
>> connections.
>
> Wouldn't it be cleaner to increase the size of the state table via an
> IPF directive?

No, because that is a global limit, not a local limit.

Darren
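
The difference between a per-rule state limit and a larger global state table, as a simplified Python model added here for illustration; it is not IPFilter code and not part of the original message. The class and function names and the table sizes are assumptions made for the example.

```python
# Simplified model of a stateful filter's state table (constructed example,
# not IPFilter source). It only tracks whether a state entry gets created.
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    name: str
    ports: range                 # destination ports the rule matches
    limit: Optional[int] = None  # per-rule cap, as in "keep state (limit N)"
    active: int = 0              # state entries created by this rule


class StateTable:
    def __init__(self, rules, global_max):
        self.rules = rules
        self.global_max = global_max  # assumed global table size
        self.total = 0

    def new_connection(self, dport):
        """Return True if a state entry is created for a new SYN to dport."""
        rule = next((r for r in self.rules if dport in r.ports), None)
        if rule is None:
            return False
        if rule.limit is not None and rule.active >= rule.limit:
            return False          # local (per-rule) limit reached
        if self.total >= self.global_max:
            return False          # global table is full
        rule.active += 1
        self.total += 1
        return True


def simulate(bt_limit, global_max, bt_attempts=100, ssh_attempts=10):
    """Open bittorrent connections first, then ssh; return (bt, ssh) states."""
    bt = Rule("bittorrent", range(6881, 6890), bt_limit)
    ssh = Rule("ssh", range(22, 23), 10)
    table = StateTable([bt, ssh], global_max)
    for i in range(bt_attempts):
        table.new_connection(6881 + i % 9)
    ssh_ok = sum(table.new_connection(22) for _ in range(ssh_attempts))
    return bt.active, ssh_ok


if __name__ == "__main__":
    print("no per-rule limit, table=100:", simulate(None, 100))
    print("no per-rule limit, table=200, 200 attempts:",
          simulate(None, 200, bt_attempts=200))
    print("bittorrent limit 10, table=100:", simulate(10, 100))
```

In this model, enlarging the table only moves the point at which one class of traffic crowds out the other, while the per-rule limit keeps room for ssh regardless of how many bittorrent connections are attempted.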