You can define a limit per-rule, like this:
pass in proto tcp from any to any port 6881:6889 flags S keep state (limit 10)
Hello Darren,
would you please elaborate more on the ####:#### port syntax? Must the
(limit N) syntax always be combined with a port construct?
pass in proto tcp from any to any port 6881:6889 flags S keep state
pass in proto tcp from any to any port = ssh flags S keep state (limit 10)
Will *always allow* up to 10 ssh connections, even if there are 100
bittorrent connections.
Wouldn't it be cleaner to increase the size of the state table via an IPF
directive?