Re: <table> matching
Ed White wrote:
> On Friday 11 April 2003 12:35, Cedric Berger wrote:
>> Tip: with "pfctl -t normal_ext -vTs" you will be able to see the number
>> of packets/bytes that will go to or come from any of your IP addresses.
> This means that it could be possible to create different states-number-limit
> for each value of a table... letting IP 22.214.171.124 create 4 TCP valid
> connections while IP 126.96.36.199 only 1 and dropping other starting connections.
> The same could be done with port numbers inside a table, accepting only 1
> valid connection from the same IP.
> Could this be planned for 3.4 ?

Possible: yes, but the issue is we don't want to put too much bloat in
It seems to me it is easy to do what you want by just creating more than one
table, one for IPs that can create 1 state, and one for IPs which can
states and so on.
We don't want to duplicate all the rule options into table address flags..
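
The multi-table approach suggested in the reply, sketched as a pf.conf fragment; this is an added example, not part of the original message or of the pf project's documentation. The interface macro, table names, addresses and the SSH port are assumptions, and the per-source limit uses the `max-src-states` and `source-track` state options from pf.conf(5), which the thread does not mention.

```conf
# Constructed example: all names and addresses below are placeholders.
ext_if = "em0"

# One table per limit class instead of a per-address flag inside a table.
table <one_state>   persist { 192.0.2.10, 192.0.2.11 }
table <four_states> persist { 198.51.100.0/28 }

# Default: no inbound SSH from sources that are in neither table.
block in on $ext_if proto tcp from any to any port 22

# Each source address in <one_state> may hold 1 concurrent state on this rule.
pass in on $ext_if proto tcp from <one_state> to any port 22 \
    keep state (source-track rule, max-src-states 1)

# Each source address in <four_states> may hold 4 concurrent states on this rule.
pass in on $ext_if proto tcp from <four_states> to any port 22 \
    keep state (source-track rule, max-src-states 4)

# Connection attempts beyond the limit create no state and are not passed by
# that rule. Moving an address between limit classes is a table update, with
# no change to the ruleset itself.
```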