* Nerius Landys <lan...@nerius.com> [2010-10-26 01:30]:
> I'm using synproxy to limit the number of simultaneous TCP
> connections to a certain application

no, you are not. synproxy has NOTHING to do with limiting the # of
connections. that is a generic function of the state keeping code.

> During the time when a large download is happening using wget, the
> pf state table will have "ESTABLISHED:ESTABLISHED".  If wget was in the
> process of performing a large download and I hit Ctrl+C (or kill it),
> the state table will have "TIME_WAIT:TIME_WAIT".  If wget successfully
> finishes downloading something, I will see "FIN_WAIT_2:FIN_WAIT_2" in
> the state table.

welcome to tcp

> If there is a way to not count the "FIN_WAIT_2:FIN_WAIT_2"
> towards my max-src-conn, please do tell!

no, and that would be counterproductive. I'm sure you'll see for
yourself why if you think about it for a second.

-- 
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting
