Re: Limit number of outgoing connections
This is a discussion on Re: Limit number of outgoing connections within the IPFilter forums, part of the System Security and Security Related category; Toomas Aas wrote: > Hello! > > I have an internal network behind a gateway running ipfilter/ipnat. Is > ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
12-22-2006
|
|||
|
|||
Re: Limit number of outgoing connections
Toomas Aas wrote:
> Hello! > > I have an internal network behind a gateway running ipfilter/ipnat. Is > it possible to limit the number of simultaneous outgoing connections > per internal client? For example, if some client runs something like > eMule or bittorrent it creates a lot of outgoing connections which are > passed by a 'keep state' filter rule, and I'm afraid it fills up the > state table. You can define a limit per-rule, like this: pass in proto tcp from any to any port 6881:6889 flags S keep state (limit 10) pass out proto tcp from any to any port 6881:6889 flags S keep state (limit 10) To limit inbound and outbound bittorrent connections to 10 each. You can also over commit with rules, so that if your state table had a max size of 100 but you had a rule like this: pass in proto tcp from any to any port 6881:6889 flags S keep state pass in proto tcp from any to any port = ssh flags S keep state (limit 10) Will *always allow* upto 10 ssh connections, even if there are 100 bittorrent connections. Darren 
|
Linear Mode
