One OR MORE of source and destination addresses?

JJB Barbish3 at adelphia.net
Mon Aug 2 08:47:59 PDT 2004


Like the manual says, you cannot code both options on a single rule.
You have to make 2 rules out of it.

state ipfw add allow tcp from any to me 25 setup limit dst-addr 32
state ipfw add allow tcp from any to me 25 setup limit src-addr 8



-----Original Message-----
From: owner-freebsd-questions at freebsd.org [mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Mark
Sent: Monday, August 02, 2004 11:34 AM
To: freebsd-questions at freebsd.org
Subject: One OR MORE of source and destination addresses?

Color me confused. The ipfw manual says:

    limit {src-addr | src-port | dst-addr | dst-port} N
    The firewall will only allow N connections with the same set of
    parameters as specified in the rule. One or more of source and
    destination addresses and ports can be specified.

If "One or more of source and destination addresses and ports can be
specified", then I'd like to limit both the total amount of connections, as
well as per-src. Something like this:

ipfw check-state ipfw add allow tcp from any to me 25 setup limit dst-addr 32 src-addr 8

The error I get is:

"ipfw: only one of keep-state and limit is allowed"

So, how can I specify "One OR MORE of source and destination addresses" in
the rule to achieve this effect?

Thanks,

- Mark
