I suggest implementing it in the kernel. No 'kill states/modify rules' needed.
It is not too complex to do it in the kernel (500 lines for a TCP source limit is
enough).
Make a flowlimit_check hook before the 'create states' code in pf_test_tcp().
Don't create any states in pf_test_tcp() if the source's limit has reached
the maximum value.
You need to increase or decrease the limit counter of the source address
when the related TCP state enters the ESTABLISHED state or the CLOSED/FIN_WAIT state.

----- Original Message -----
From: "Can Erkin Acar" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 17, 2003 8:58 PM
Subject: Re: source limit


> Perhaps this can be implemented in userland?
> A daemon listening on pfsync could track states/hosts
> and kill states/modify rules depending on any criteria you
> care to define. Better than adding more complexity to the kernel code.
>
> Can
>
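The in-kernel design proposed above (a check hook before state creation, a per-source counter moved on ESTABLISHED and CLOSED/FIN_WAIT transitions), sketched as an added user-space C example that is not pf code; flowlimit_check, flowlimit_transition, src_limit and the limit of 2 are all hypothetical names and values:

```c
/* Per-source TCP limiter sketched in user-space C to mirror the design above.
 * Names (flowlimit_*, src_limit) are hypothetical; this is not OpenBSD pf code. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define SRC_SLOTS     64  /* per-source table size (constructed) */
#define SRC_MAX_ESTAB 2   /* max ESTABLISHED states per source (constructed) */

enum tcp_phase { TCP_NEW, TCP_ESTABLISHED, TCP_FIN_WAIT, TCP_CLOSED };

struct src_limit { bool used; uint32_t addr; int established; };
static struct src_limit src_table[SRC_SLOTS];

/* Find or allocate the slot for a source address (open addressing). */
static struct src_limit *src_limit_get(uint32_t addr)
{
    unsigned i = (addr * 2654435761u) % SRC_SLOTS;
    for (unsigned n = 0; n < SRC_SLOTS; n++, i = (i + 1) % SRC_SLOTS)
        if (!src_table[i].used || src_table[i].addr == addr) {
            src_table[i].used = true;
            src_table[i].addr = addr;
            return &src_table[i];
        }
    return NULL;  /* table full: caller treats this as over the limit */
}

/* Hook run before pf_test_tcp() would create a state: true = may create. */
bool flowlimit_check(uint32_t src)
{
    struct src_limit *s = src_limit_get(src);
    return s != NULL && s->established < SRC_MAX_ESTAB;
}

/* Called on every phase change of an existing state: count the source while
 * the state is ESTABLISHED, release the count on CLOSED/FIN_WAIT (once). */
void flowlimit_transition(uint32_t src, enum tcp_phase from, enum tcp_phase to)
{
    struct src_limit *s = src_limit_get(src);
    if (s == NULL)
        return;
    if (from != TCP_ESTABLISHED && to == TCP_ESTABLISHED)
        s->established++;
    else if (from == TCP_ESTABLISHED && (to == TCP_FIN_WAIT || to == TCP_CLOSED))
        s->established--;
}

int flowlimit_count(uint32_t src) { struct src_limit *s = src_limit_get(src); return s ? s->established : -1; }
void flowlimit_reset(void) { memset(src_table, 0, sizeof src_table); }
```

As the message proposes, only established states are charged to a source, so a state that never reaches ESTABLISHED does not count against its limit.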
