IPFW logging brokeness?
From: Avleen Vig (lists-freebsd_at_silverwraith.com)
Date: Fri, 30 May 2003 15:22:55 -0700 To: firstname.lastname@example.org
I don't think I'm trying to do anything amazing, but IPFW's logging
features are giving me a real headache. I can't find much in the
archives either, but I find it hard to believe others havne't found this
add 100 allow log tcp from any to <my IP> <ports> limit src-addr 2
I want connecting parties to be able to form no more than 2 connection.
This works perfectly, jsut as I'd expect it to.
Except for 'log'.
This rule matches every packet that comes in to the given IP and ports,
and as a result, one line is added to the security log per packet. There
are a lot of packets.
I tried, adding an "add 50 check-state", but that rule doesn't match
(the log just carries on logging packets because they match 100), which
is very odd.
All I want is to have the first packet match of a connection match, like
IPF's "log first" capability.
Or, better yet, is there a way to format a rule or set of rules, to say
"deny if established connections is greater than 2".
Logging every one of these packets would be fine.
-- Avleen Vig "Say no to cheese-eating surrender-monkeys" Systems Admin "Fast, Good, Cheap. Pick any two." www.silverwraith.com "Move BSD. For great justice!" _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "firstname.lastname@example.org"