On Wed, 15 Sep 2004, Eric W. Bates wrote:

> Sten Spans wrote:
>
> > What about:
> >
> > ipfw add allow tcp from evil/24 to any port 445 setup limit src-addr 4
> > ipfw add allow tcp from evil/24 to any port 139 setup limit src-addr 4
> >
> > To limit the amount of evil connections, place above the regular
> > keep-state rule.
>
> That looks good. I should have RTFM.
>
> Is it reasonable to try something like:
>
> ipfw add allow tcp from evil/24 to any dst-port 80 setup limit src-addr 100
>
> Anyone ever figured out what the average/max number of simultaneous
> dynamic rules needed to support an http session?
Normally an http request is one tcp connection, some browsers open more connections to speed things up.

You could add special rules for avupdate-host.norton.com or somesuch. An even better solution would be a (transparent) proxy setup, with allow rules for *.norton.com in the proxy software. The kind of restrictions you are trying to enforce are quite a bit easier to achieve with proper userland proxy software.

--
Sten Spans

"There is a crack in everything, that's how the light gets in."
Leonard Cohen - Anthem

_______________________________________________
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
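The ordering point made in the thread (the `limit src-addr` rule must sit above the general `keep-state` rule, because ipfw uses first match) is easy to see in a small model. The following is an added illustration, not ipfw's code and not from this thread: `Rule`, `run`, `TRACE`, the addresses and the helper names are all constructed for this example, and it deliberately ignores connection teardown, so open dynamic rules only ever grow.

```python
"""Toy model of how ipfw 'limit src-addr N' interacts with rule order.

Constructed illustration, not ipfw's implementation: it only counts
open dynamic rules per source address for new (setup) connections.
"""
from collections import defaultdict


class Rule:
    """One stateful allow rule. kind='limit' caps dynamic rules per
    src-addr; kind='keep-state' creates one with no cap.
    ports=None matches any destination port."""

    def __init__(self, kind, ports=None, limit=None):
        self.kind, self.ports, self.limit = kind, ports, limit
        self.open = defaultdict(int)   # src-addr -> open dynamic rules

    def matches(self, dport):
        return self.ports is None or dport in self.ports

    def admit(self, src):
        if self.kind == "limit" and self.open[src] >= self.limit:
            return False               # limit reached: ipfw drops the packet
        self.open[src] += 1            # a new dynamic rule is created
        return True


def run(rules, setups):
    """Walk each (src, dport) setup packet through the ruleset in order;
    first matching rule decides, as in ipfw. Returns allow/deny verdicts."""
    verdicts = []
    for src, dport in setups:
        for rule in rules:
            if rule.matches(dport):
                verdicts.append("allow" if rule.admit(src) else "deny")
                break
        else:
            verdicts.append("deny")    # nothing matched: default deny
    return verdicts


# Constructed trace: one host opens six SMB sessions, another opens two
# web sessions. The limit of 4 from the thread applies to 445/139 only.
TRACE = [("10.0.0.5", 445)] * 6 + [("10.0.0.6", 80)] * 2


def good_order():
    """limit rule above keep-state, as recommended in the thread."""
    return run([Rule("limit", {445, 139}, limit=4), Rule("keep-state")], TRACE)


def bad_order():
    """keep-state first: it matches every setup, so the limit never fires."""
    return run([Rule("keep-state"), Rule("limit", {445, 139}, limit=4)], TRACE)
```

With the limit rule first, the fifth and sixth SMB setups from 10.0.0.5 are denied while the web sessions are unaffected; with keep-state first, all eight are allowed and the limit is dead code.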