
One OR MORE of source and destination addresses?
Mark wrote:

> The goal is simple: I want to limit connections to port 25 to 32 in
> total, targeted at "me". And of those 32, only 4 per source. Like so:
>
> ipfw add 1 check-state
> ...
> ipfw add 11 allow tcp from any to me 25 setup limit dst-addr 32
> ipfw add 12 allow tcp from any to me 25 setup limit src-addr 4
>
> Please, tell me then how "all wrong" this is. Because I *still* get
> the impression that rule 12 is never reached. And, so far, "ipfw
> show" does, indeed, only show activity on rule 11.

If at all possible, I would still like to hear a suggestion as to how to
combine the two rules. From my pov, the first "allow" in rule 11 makes a
packet pass, provided there are less than 32 connections in total. Thus,
rule 12 never gets invoked (which, indeed, seems to be the case).

Someone suggested to me I was at fault for numbering the rules. Quite
frankly, that does not compute to me, as ipfw autonumbers anyway (in default
steps of 100, I believe). Seriously, I do not mind hearing how "all wrong"
my rules are; but, at the same time, I have not heard a proper way of doing
this.

I appreciate suggestions,

- Mark
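As an added illustration that is not part of the thread, here is a small Python model of how a first-match firewall with `limit` rules behaves. It is a simulation, not ipfw code, and it assumes only two things about ipfw: rules are tried in order and the first match decides, and a `limit` rule keys its dynamic state on the listed address fields and drops a new setup once N entries share that key. The addresses and the rule numbers 11 and 12 are taken from the quoted rules; the source addresses are constructed.

```python
# Toy model of first-match evaluation with "limit" options.
# Illustrative simulation only, NOT ipfw code. Assumptions: rules are tried in
# order and the first match decides; a "limit" rule keys its dynamic state on
# the listed fields and drops a new setup once N states share that key.
from collections import Counter
from dataclasses import dataclass


@dataclass
class Rule:
    number: int
    limit: int
    key_fields: tuple  # e.g. ("dst-addr",) or ("src-addr", "dst-addr")
    hits: int = 0      # how often this rule was consulted (like "ipfw show")


LOCAL = "198.51.100.25"  # constructed address standing in for "me"


def key_for(rule, src, dst):
    """Build the dynamic-state key from the fields named in the rule."""
    names = {"src-addr": src, "dst-addr": dst}
    return (rule.number,) + tuple(names[f] for f in rule.key_fields)


class Firewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.states = Counter()  # key -> number of live dynamic entries

    def setup(self, src, dst):
        """Offer a TCP setup to port 25 on LOCAL; return (rule_number, verdict)."""
        if dst != LOCAL:
            return (None, "no match")
        for rule in self.rules:
            rule.hits += 1
            k = key_for(rule, src, dst)
            if self.states[k] >= rule.limit:
                return (rule.number, "drop")
            self.states[k] += 1
            return (rule.number, "allow")  # first match decides
        return (None, "no match")


def run(rules, sources):
    fw = Firewall(rules)
    verdicts = [fw.setup(s, LOCAL) for s in sources]
    return fw, [v for _, v in verdicts]


def marks_ordering(n_from_one_source):
    """Rules 11 (dst-addr 32) then 12 (src-addr 4), all setups from one source."""
    rules = [Rule(11, 32, ("dst-addr",)), Rule(12, 4, ("src-addr",))]
    fw, verdicts = run(rules, ["203.0.113.7"] * n_from_one_source)
    return {r.number: r.hits for r in fw.rules}, verdicts


def total_cap(n_sources):
    """Rule 11 alone with distinct sources: how many setups are allowed."""
    rules = [Rule(11, 32, ("dst-addr",))]
    _, verdicts = run(rules, [f"203.0.113.{i}" for i in range(1, n_sources + 1)])
    return verdicts.count("allow")


def pair_keyed_rule(n_from_one_source):
    """One rule keyed on BOTH src-addr and dst-addr with limit 4."""
    rules = [Rule(11, 4, ("src-addr", "dst-addr"))]
    _, verdicts = run(rules, ["203.0.113.7"] * n_from_one_source)
    return verdicts


if __name__ == "__main__":
    print(marks_ordering(6))   # rule 12 is never consulted
    print(total_cap(33))       # 32 allowed, the 33rd dropped
    print(pair_keyed_rule(6))  # 4 allowed, then drops
```

With the quoted ordering, every setup from a single source is accepted by rule 11 as long as fewer than 32 states exist in total, so rule 12 never accumulates a hit, which matches what "ipfw show" reports. A single rule keyed on both addresses limits per source/destination pair rather than imposing the overall 32 cap, which is why the two limits do not collapse into one rule in this model.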