change specific linux iptables rule set to ipfw rule set

Julian Elischer julian at elischer.org
Thu Nov 13 16:50:15 PST 2008


Son, Yeongsik wrote:
> One of linux server contains rule set like these:
> 
> iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 20 \
>     -j DROP
> iptables -A INPUT -m recent --name KIN --rcheck --seconds 300 -j DROP
> iptables -A INPUT -p tcp --syn --dport 80 -m connlimit --connlimit-above 5 \
>     -m recent --name KIN --set -j DROP
> 
> simply means,
> drop an IP that tries to connect to tcp port 80 with over 20 connections.
> when it happens, drop that IP for 5 minutes.
> 
> iptables -A INPUT -p udp --dport 53 -m length --length 512:65535 -j DROP
> 
> briefly,
> drop an IP that tries to connect to udp port 53 with a packet length of 512 ~ 65535.
> 
> I want to use those rules on freebsd servers, but I don't know of those kinds of
> sophisticated functions in ipfw.
> 
> Is that possible on freebsd?


not in ipfw but I think pf can do that.

Some people may have done that with ipfw using an external agent,
but I don't know who/how.

> 
> Please share your knowledge.
> _______________________________________________
> freebsd-ipfw at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-ipfw
> To unsubscribe, send any mail to "freebsd-ipfw-unsubscribe at freebsd.org"
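For readers landing on this thread from a search: the pf.conf fragment below is an added example, written for this page and not taken from the thread or from the FreeBSD handbook. It reproduces the port-80 part of the quoted iptables set with pf's source-tracking options. Note that in the iptables version the third rule already bans a source once it holds more than 5 concurrent port-80 connections, so 5 (not 20) is the threshold that matters and the one reproduced here. The interface name `em0` and the table name `kin` are assumptions.

```pf
# /etc/pf.conf (added example, assumed interface em0 and table name <kin>)
ext_if = "em0"

# Sources that exceeded the limit. "persist" keeps the table around even
# when no loaded rule references it, so cron can expire entries from it.
table <kin> persist

# Counterpart of "-m recent --name KIN --rcheck ... -j DROP": anything from
# a banned source is dropped before the pass rule below is considered.
block in quick on $ext_if from <kin>

# Counterpart of the connlimit rule: a single source may hold at most 5
# concurrent port-80 states; the connection that exceeds that adds the
# source to <kin>, and "flush" tears down the states it already holds.
pass in on $ext_if proto tcp from any to $ext_if port 80 \
    flags S/SA keep state (max-src-conn 5, overload <kin> flush)
```

pf has no built-in "forget after 300 seconds" for table entries, so the five-minute ban comes from a root cron job running `pfctl -t kin -T expire 300` once a minute, which removes addresses that were added more than 300 seconds ago. Check the result with `pfctl -nf /etc/pf.conf` before loading and `pfctl -t kin -T show` after a test. The UDP/53 length rule has no pf equivalent, but ipfw can match on IP total length directly, which is what iptables' `-m length` compares against as well: `ipfw add deny udp from any to me 53 in iplen 512-65535`. Before deploying that one, keep in mind that it applies to inbound queries only (responses to the host's own lookups arrive on ephemeral ports), so it will not break ordinary EDNS0-sized replies.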


