IPFW 'keep state' & 'limit'

Dan Pelleg daniel+bsd at pelleg.org
Wed Jan 14 06:47:26 PST 2004


"fbsd_user" <fbsd_user at a1poweruser.com> writes:

> Reading the man page on IPFW rule syntax, I get the impression that
> the 'limit' option uses the stateful dynamic rules table. But it's
> unclear whether 'keep state' and limit can be used on the same rule,
> or if the limit option performs the 'keep state' function in
> addition to the limit function.
>
> So as an example
>
> $cmd 00390 allow tcp from any to any 22 in via dc0 setup keep-state limit src-addr 3
>
> will this work?
>

limit implies keep-state, and you should really specify one or the
other. If you specify both, ipfw won't complain, but ipfw2 will. So it's
best to not do that.

-- 

  Dan Pelleg
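
An added example, not part of the thread above: a small check that scans a rules script for rules carrying both keep-state and limit, and prints each one with the redundant keep-state dropped. The function name lint_ipfw_rules and the sample ruleset are constructed for illustration, and the check assumes one rule per line.

```shell
#!/bin/sh
# Added example, not from the original thread.
# 'limit' already creates the dynamic (stateful) rule, so a rule that also
# says 'keep-state' is redundant and is rejected by ipfw2 per the reply above.

# Reads rule lines on stdin (assumption: one rule per line, no backslash
# continuations). For every rule that has both options, writes
# "<line-no>: <rule without keep-state>" to stdout.
# Exit status: 1 if at least one such rule was found, 0 otherwise.
lint_ipfw_rules() {
    awk '
        /^[ \t]*#/ { next }                     # ignore comment lines
        {
            has_ks = 0; has_limit = 0
            for (i = 1; i <= NF; i++) {
                if ($i == "keep-state") has_ks = 1
                if ($i == "limit")      has_limit = 1
            }
            if (has_ks && has_limit) {
                out = ""
                for (i = 1; i <= NF; i++)
                    if ($i != "keep-state")
                        out = out (out == "" ? "" : " ") $i
                printf "%d: %s\n", NR, out
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample ruleset: the rule from the question plus two rules
# that use only one of the two options.
SAMPLE_RULES='# constructed sample ruleset
$cmd 00390 allow tcp from any to any 22 in via dc0 setup keep-state limit src-addr 3
$cmd 00400 allow tcp from any to any 80 in via dc0 setup keep-state
$cmd 00410 allow tcp from any to any 25 in via dc0 setup limit src-addr 10'

# Demo run: reports only rule 00390, rewritten to use limit alone.
printf '%s\n' "$SAMPLE_RULES" | lint_ipfw_rules || true
```
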


More information about the freebsd-questions mailing list