Re: Firewall rules that discriminate by connection duration
From: Vlad GALU (vladgalu_at_gmail.com)
Date: Wed, 10 Nov 2004 13:23:21 +0200 To: Brett Glass <email@example.com>, firstname.lastname@example.org
On Tue, 9 Nov 2004 20:10:30 -0700 (MST), Brett Glass <email@example.com> wrote:
> I'm interested in crafting firewall rules that throttle connections
> that have lasted more than a certain amount of time. (Most such
> connections are P2P traffic, which should be given a lower priority
> than other connections and may constitute network abuse.) Alas, it
> doesn't appear that FreeBSD's IPFW can keep tabs on how long a
> connection has been established. Is there another firewall for
> FreeBSD that can?
All firewalls in FreeBSD can, actually. It's part of the stateful
inspection feature. The only thing they lack is a match parameter
based on the timer.
> --Brett Glass
> Please think twice when forwarding, cc:ing, or bcc:ing
> security-team messages. Ask if you are unsure.
> firstname.lastname@example.org mailing list
> To unsubscribe, send any mail to "email@example.com"
-- If it's there, and you can see it, it's real. If it's not there, and you can see it, it's virtual. If it's there, and you can't see it, it's transparent. If it's not there, and you can't see it, you erased it. _______________________________________________ firstname.lastname@example.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "email@example.com"