I know where you're heading with this, and every pass rule can specify the number of connections, as well as other things.
man pf.conf for details, but this was taken right from it:

    pass in proto tcp from any to any \
        port www flags S/SA keep state \
        (max 100, tcp.established 60, tcp.closing 5)

Enjoy.
Dom

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto
Tel. 07855 805 271
http://www.devitto.com
mailto:[EMAIL PROTECTED]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Yusuf Goolamabbas
Sent: Thursday, December 11, 2003 12:31 PM
To: [EMAIL PROTECTED]
Subject: Anything approximating ipfw 'limit' mechanism

Hi, Is there anything planned for pf or available right now which can approximate FreeBSD's ipfw 'limit' mechanism

    limit {src-addr | src-port | dst-addr | dst-port} N
        The firewall will only allow N connections with the same set
        of parameters as specified in the rule. One or more of source
        and destination addresses and ports can be specified.

Nice to have, limits per /24. ie, N connections from any or defined /24 coming in

Regards, Yusuf

--
If you're not using Firebird, you're not surfing the web you're suffering it
http://www.mozilla.org/products/firebird/why/
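
The rule-wide "max 100" in the reply and the per-key ipfw 'limit' asked about count states differently; the model below is an added example, not part of the original thread or of pf/ipfw, and it shows how each keying treats the same constructed traffic. StateLimiter and the key functions are hypothetical names, and state timeouts are ignored.

```python
# Added illustration, not from the thread: a toy model of state limits.
# StateLimiter and the key functions are hypothetical names; timeouts are ignored.
import ipaddress
from collections import Counter


def per_rule(src):
    """pf 'max N' as in the quoted rule: one counter for the whole rule."""
    return "rule"


def per_src_addr(src):
    """ipfw 'limit src-addr N': one counter per source address."""
    return src


def per_slash24(src):
    """The 'limits per /24' wish: one counter per source /24 network."""
    return str(ipaddress.ip_network(f"{src}/24", strict=False))


class StateLimiter:
    """Admit a connection only while its bucket holds fewer than `limit` states."""

    def __init__(self, limit, key):
        self.limit, self.key, self.states = limit, key, Counter()

    def connect(self, src):
        bucket = self.key(src)
        if self.states[bucket] >= self.limit:
            return False  # limit reached: no new state is created
        self.states[bucket] += 1
        return True

    def close(self, src):
        bucket = self.key(src)
        self.states[bucket] = max(0, self.states[bucket] - 1)


def admitted(limiter, attempts):
    """Count accepted connections per source address."""
    return Counter(src for src in attempts if limiter.connect(src))


# Constructed traffic: one busy host, then two other clients (documentation addresses).
ATTEMPTS = ["192.0.2.10"] * 150 + ["192.0.2.77"] * 3 + ["198.51.100.5"] * 3

if __name__ == "__main__":
    for name, lim in [("max 100 per rule", StateLimiter(100, per_rule)),
                      ("limit 10 per src-addr", StateLimiter(10, per_src_addr)),
                      ("limit 10 per /24", StateLimiter(10, per_slash24))]:
        print(name, dict(admitted(lim, ATTEMPTS)))
```

With the rule-wide counter the busy host fills all 100 states and the later clients get none; keyed per source address or per /24, only the bucket that reached its limit is refused.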