Re: Firewall rules that discriminate by connection duration

Board: FB_security, posted 2004/11/11 20:30
On Tue, Nov 09, 2004 at 08:10:30PM -0700, Brett Glass wrote:
> I'm interested in crafting firewall rules that throttle connections
> that have lasted more than a certain amount of time. (Most such
> connections are P2P traffic, which should be given a lower priority
> than other connections and may constitute network abuse.) Alas, it
> doesn't appear that FreeBSD's IPFW can keep tabs on how long a
> connection has been established. Is there another firewall for
> FreeBSD that can?

The problem with P2P is not that connections take a long time, but that
there are plenty of them. You may consider using the patch I posted on
freebsd-ipfw@ a few days ago to lower the weight of flows using dummynet
if the number of connections is greater than N per host, for example.

-- 
Paweł Małachowski
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
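An added illustration of the per-host connection-count idea from the reply above. It is not the patch mentioned there (which does not appear on this page); it approximates the idea with stock ipfw lookup tables and dummynet queues. The flow list, addresses, threshold N, table number, rule numbers, bandwidth and weights are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of established flows: (local host, remote host, remote port).
SAMPLE_FLOWS = (
    [("192.0.2.10", f"198.51.100.{i}", 6881) for i in range(1, 41)]  # 40 peers
    + [("192.0.2.20", "203.0.113.5", 22)]  # a single long-lived SSH session
    + [("192.0.2.30", f"203.0.113.{i}", 80) for i in range(1, 4)]
)


def flows_per_host(flows):
    """Count distinct concurrent flows per local host (duplicates collapse)."""
    seen = defaultdict(set)
    for local, remote, port in flows:
        seen[local].add((remote, port))
    return {host: len(peers) for host, peers in seen.items()}


def heavy_hosts(flows, n):
    """Hosts with more than n concurrent flows, sorted for stable output."""
    return sorted(h for h, c in flows_per_host(flows).items() if c > n)


def ipfw_commands(flows, n, table=1, bw="2Mbit/s", normal_weight=50, low_weight=5):
    """Build ipfw/dummynet commands: one pipe shared by two weighted queues,
    with hosts over the per-host flow limit steered to the low-weight queue."""
    cmds = [
        f"ipfw pipe 1 config bw {bw}",
        f"ipfw queue 1 config pipe 1 weight {normal_weight}",
        f"ipfw queue 2 config pipe 1 weight {low_weight}",
        f"ipfw table {table} flush",
    ]
    cmds += [f"ipfw table {table} add {h}" for h in heavy_hosts(flows, n)]
    cmds += [
        # Table matches go to the low-weight queue in both directions.
        f"ipfw add 1000 queue 2 ip from 'table({table})' to any",
        f"ipfw add 1010 queue 2 ip from any to 'table({table})'",
        # Everything else shares the pipe at normal weight.
        "ipfw add 1020 queue 1 ip from any to any",
    ]
    return cmds


if __name__ == "__main__":
    # With N = 20 only the 40-flow host is demoted; the SSH host is untouched
    # no matter how long its one connection has been open.
    print("\n".join(ipfw_commands(SAMPLE_FLOWS, n=20)))
```

The commands are only printed, so they can be reviewed before anything is applied; on a live system the flow list would come from the firewall's own connection state rather than a constant.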