ipfw - limit other networks

Nikos Vassiliadis nvass at teledomenet.gr
Wed Jun 6 10:55:33 UTC 2007


On Wednesday 06 June 2007 13:15, Freminlins wrote:
> Hi,
>
> I am trying to limit the number of connections from "foreign" networks
> to a server. I don't want to limit bandwidth, just the number of
> connections. Let's say I have a network 192.168.1.0/24. I want to allow
> 192.168.2.0/24 to have at most 50 connections. I want to allow
> 192.168.3.0/24 to have 20 connections. And so on. Is this even possible?
> Some applications can do this but I would prefer to do this at the
> network level.

Yes, it is possible. The keyword is 'limit'. From the ipfw manual:

limit {src-addr | src-port | dst-addr | dst-port} N
      The firewall will only allow N connections with the same set of
      parameters as specified in the rule.  One or more of source and
      destination addresses and ports can be specified.  Currently,
      only IPv4 flows are supported.

HTH, Nikos
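
The following is an added example, not part of the original message or of the ipfw manual. It generates rules that apply the 'limit' keyword to the two networks from the question; the server address 192.168.1.10, port 80 and the rule numbers are assumed values. It uses 'limit dst-addr', so that all connections a rule admits toward the server share one counter, whereas 'limit src-addr' would give every individual client its own allowance of N.

```shell
#!/bin/sh
# Added example: print ipfw rules that cap concurrent TCP connections per
# source network. Nothing is applied; review the output, then pipe it to sh
# as root on the firewall host.

SERVER="192.168.1.10"   # assumed server address inside 192.168.1.0/24
PORT="80"               # assumed service port
BASE=1000               # assumed first rule number

# Usage: gen_limit_rules NETWORK:MAX [NETWORK:MAX ...]
gen_limit_rules() {
    n=$BASE
    # Packets of connections already admitted match their dynamic state here.
    echo "ipfw add $n check-state"
    for pair in "$@"; do
        net=${pair%%:*}
        max=${pair##*:}
        # Reject a missing or non-numeric limit instead of emitting a bad rule.
        case $max in
            ''|*[!0-9]*) echo "bad limit in '$pair'" >&2; return 1 ;;
        esac
        n=$((n + 10))
        # The rule matches one source network only, and dst-addr groups its
        # connections by destination, so MAX is a cap for the whole network.
        echo "ipfw add $n allow tcp from $net to $SERVER $PORT setup limit dst-addr $max"
        # Once the cap is reached the allow rule stops matching and the SYN
        # falls through, so refuse it explicitly on the next rule.
        echo "ipfw add $((n + 1)) deny tcp from $net to $SERVER $PORT setup"
    done
}

# The two networks and limits from the question above.
gen_limit_rules 192.168.2.0/24:50 192.168.3.0/24:20
```

After loading the rules, 'ipfw -d show' lists the dynamic rules alongside the static ones, which is a quick way to confirm that the counters are being created.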


More information about the freebsd-questions mailing list