Hi, list

Many P2P programs use one random source port to connect to many, many peer nodes, such as eDonkey/eMule and some P2P video software.

For example:

all udp 10.0.0.8:6269 -> 12.23.34.56:62497 -> 222.130.56.133:5622 SINGLE:NO_TRAFFIC
all udp 10.0.0.8:6269 -> 12.23.34.56:56701 -> 90.12.191.166:61427 MULTIPLE:SINGLE
all udp 10.0.0.8:6269 -> 12.23.34.56:57232 -> 94.194.101.189:33435 MULTIPLE:SINGLE
all udp 10.0.0.8:6269 -> 12.23.34.56:54588 -> 113.64.228.32:59347 SINGLE:NO_TRAFFIC
all udp 10.0.0.8:6269 -> 12.23.34.56:61789 -> 58.62.42.114:6261 SINGLE:NO_TRAFFIC
all udp 10.0.0.8:6269 -> 12.23.34.56:57839 -> 137.111.130.173:24170 MULTIPLE:MULTIPLE
all udp 10.0.0.8:6269 -> 12.23.34.56:57759 -> 83.55.53.200:4661 MULTIPLE:SINGLE
all udp 10.0.0.8:6269 -> 12.23.34.56:50215 -> 219.236.35.19:6269 SINGLE:NO_TRAFFIC
all udp 10.0.0.8:6269 -> 12.23.34.56:62316 -> 219.91.96.153:30104 MULTIPLE:SINGLE
all udp 10.0.0.8:6269 -> 12.23.34.56:58286 -> 87.220.235.134:17132 MULTIPLE:MULTIPLE
all udp 10.0.0.8:6269 -> 12.23.34.56:51557 -> 90.45.52.226:7571 MULTIPLE:SINGLE
all udp 10.0.0.8:6269 -> 12.23.34.56:61614 -> 217.132.117.106:46944 MULTIPLE:SINGLE
all udp 10.0.0.8:6269 -> 12.23.34.56:53687 -> 80.13.32.214:4672 MULTIPLE:SINGLE

So could pf limit the maximum number of simultaneous state entries that a single source IP's source port can create with a rule? (borrowed from man pf.conf :))

If this feature comes true, then we could control Internet traffic more easily.

Regards,
Fans
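
Added example, not part of the original post: a small Python script that counts state entries per source IP and source port from a state listing, which is the quantity the post asks pf to cap. It assumes the line layout shown in the post; the function names, the threshold and the last two sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout as it appears in the post:
#   <if> <proto> <lan ip:port> -> <nat ip:port> -> <peer ip:port> <state>
STATE_RE = re.compile(
    r"^(?P<ifname>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\d+(?:\.\d+){3}):(?P<sport>\d+)\s+->\s+"
    r"(?P<nat>\d+(?:\.\d+){3}:\d+)\s+->\s+"
    r"(?P<peer>\d+(?:\.\d+){3}:\d+)\s+(?P<state>\S+)$"
)

def states_per_source_port(lines):
    """Group state entries by (proto, source IP, source port)."""
    groups = defaultdict(lambda: {"states": 0, "peers": set()})
    for line in lines:
        m = STATE_RE.match(line.strip())
        if not m:
            continue  # blank line or a layout this parser does not handle
        key = (m["proto"], m["src"], int(m["sport"]))
        groups[key]["states"] += 1
        groups[key]["peers"].add(m["peer"])
    return groups

def over_limit(lines, limit):
    """Return [(key, state_count, distinct_peers)] above limit, busiest first."""
    hits = [(k, v["states"], len(v["peers"]))
            for k, v in states_per_source_port(lines).items()
            if v["states"] > limit]
    return sorted(hits, key=lambda h: h[1], reverse=True)

# First four lines are taken from the post; the last two are constructed
# (an ordinary client that uses a fresh source port per query).
SAMPLE = """\
all udp 10.0.0.8:6269 -> 12.23.34.56:62497 -> 222.130.56.133:5622 SINGLE:NO_TRAFFIC
all udp 10.0.0.8:6269 -> 12.23.34.56:56701 -> 90.12.191.166:61427 MULTIPLE:SINGLE
all udp 10.0.0.8:6269 -> 12.23.34.56:57232 -> 94.194.101.189:33435 MULTIPLE:SINGLE
all udp 10.0.0.8:6269 -> 12.23.34.56:54588 -> 113.64.228.32:59347 SINGLE:NO_TRAFFIC
all udp 10.0.0.9:40001 -> 12.23.34.56:50001 -> 192.0.2.53:53 MULTIPLE:SINGLE
all udp 10.0.0.9:40002 -> 12.23.34.56:50002 -> 192.0.2.53:53 MULTIPLE:SINGLE
""".splitlines()

if __name__ == "__main__":
    for (proto, ip, port), n, peers in over_limit(SAMPLE, limit=3):
        print(f"{proto} {ip}:{port} holds {n} states to {peers} peers")
```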