Bill Moran wrote:
>>> My whole console is flooded with messages like these:
>>>
>>> "ipfw: install_state: entry already present, done"
>>>
>>> Is there a known patch?
>>
>> I just took a look at the code:
>>
>> if (q != NULL) { /* should never occur */
>> if (last_log != time_second) {
>>
Bill,
Thanks for the feedback. I've been programming embedded systems
for almost 20 years, so I have a natural aversion to apparently
simple changes that "make things work" :-)
The nicest high-level code I've ever seen is the source to Tcl - if
only all code looked like that.
I've been playing w
"Ralph Hempel" <[EMAIL PROTECTED]> wrote:
>
> > I just took a look at the code:
> >
> > if (q != NULL) { /* should never occur */
> > if (last_log != time_second) {
> >     last_log = time_second;
> >     printf("ipfw: install_state: entry already present, done\n");
> > }
> > return 0;
> >
Mark <[EMAIL PROTECTED]> wrote:
> Mark wrote:
>
> > Bill Moran wrote:
> >
> >> How about using skipto instead of allow? Thus, if it passes the
> >> first one, it can just skipto the next rule to be checked. i.e.:
> >>
> >> ipfw add 11 skipto 12 tcp from any to me 25 setup limit dst-addr 32
> >>
> I just took a look at the code:
>
> if (q != NULL) { /* should never occur */
> if (last_log != time_second) {
>     last_log = time_second;
>     printf("ipfw: install_state: entry already present, done\n");
> }
> return 0;
> }
>
> What if I just hack the "printf ..." line out of there?
Mark wrote:
> Bill Moran wrote:
>
>> How about using skipto instead of allow? Thus, if it passes the
>> first one, it can just skipto the next rule to be checked. i.e.:
>>
>> ipfw add 11 skipto 12 tcp from any to me 25 setup limit dst-addr 32
>> ipfw add 12 allow tcp from any to me 25 setup limi
Bill Moran wrote:
> How about using skipto instead of allow? Thus, if it passes the
> first one, it can just skipto the next rule to be checked. i.e.:
>
> ipfw add 11 skipto 12 tcp from any to me 25 setup limit dst-addr 32
> ipfw add 12 allow tcp from any to me 25 setup limit src-addr 4
>
> Th
Bill Moran wrote:
>> Mark wrote:
>>
>>> The goal is simple: I want to limit connections to port 25 to 32 in
>>> total, targeted at "me". And of those 32, only 4 per source. Like
>>> so:
>>>
>>> ipfw add 1 check-state
>>> ...
>>> ipfw add 11 allow tcp from any to me 25 setup limit dst-addr 32
>>
Mark <[EMAIL PROTECTED]> wrote:
> Mark wrote:
>
> > The goal is simple: I want to limit connections to port 25 to 32 in
> > total, targeted at "me". And of those 32, only 4 per source. Like so:
> >
> > ipfw add 1 check-state
> > ...
> > ipfw add 11 allow tcp from any to me 25 setup limit dst-addr
Mark wrote:
> The goal is simple: I want to limit connections to port 25 to 32 in
> total, targeted at "me". And of those 32, only 4 per source. Like so:
>
> ipfw add 1 check-state
> ...
> ipfw add 11 allow tcp from any to me 25 setup limit dst-addr 32
> ipfw add 12 allow tcp from any to me 25 set
JJB wrote:
> Your rules are all wrong. You really need to reread the ipfw manual
> page info. Only one check-state rule is used. Your other check-state
> rule is never matched.
Ok, I got a check-state too many.
> To get meaningful replies you have to post complete information
> about your system
Subject: Re: One OR MORE of source and destination addresses?
[my apologies for the resend; my last reply had an unfortunate wrap]
Mark wrote:
> Color me confused. The ipfw manual says:
>
> limit {src-addr | src-port | dst-addr | dst-port} N
> The firewall will
[my apologies for the resend; my last reply had an unfortunate wrap]
Mark wrote:
> Color me confused. The ipfw manual says:
>
> limit {src-addr | src-port | dst-addr | dst-port} N
> The firewall will only allow N connections with the same set of
> parameters as specified in the rule.
Mark wrote:
> Color me confused. The ipfw manual says:
>
> limit {src-addr | src-port | dst-addr | dst-port} N
> The firewall will only allow N connections with the same set of
> parameters as specified in the rule. One or more of source and
> destination addresses and ports can be specified.
>
Like the manual says, you cannot code both options on a single rule.
You have to make 2 rules out of it.
state ipfw add allow tcp from any to me 25 setup limit dst-addr 32
state ipfw add allow tcp from any to me 25 setup limit src-addr 8
-Original Message-
From: [EMAIL PROTECTED]
[mailto