
Re: <table> matching



Ed White wrote:

On Friday 11 April 2003 12:35, Cedric Berger wrote:


Tip: with "pfctl -t normal_ext -vTs" you will be able to see the number
of packets/bytes that will go to or come from any of your IP addresses.


This means that it could be possible to create a different state-number limit for each value of a table... letting IP 1.1.1.1 create 4 valid TCP connections while IP 2.2.2.2 creates only 1, and dropping other starting connections.

The same could be done with port numbers inside a table, accepting only 1 valid connection from the same IP.

Could this be planned for 3.4?


Possible: yes, but the issue is we don't want to put too much bloat in there.
It seems to me it is easy to do what you want by just creating more than one
table, one for IPs that can create 1 state, and one for IPs which can create 4
states and so on.
We don't want to duplicate all the rule options into table address flags.
Cedric
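Cedric's suggestion written out as a pf.conf fragment (an added example, not from the thread): one table per limit class, with the per-rule max-src-states option carrying the limit; the interface name, addresses and ports are constructed, and max-src-states is assumed to be available in the pf release in use.

```pf
# Added example, not from the thread. Interface, addresses and ports are constructed.
ext_if = "fxp0"

# One table per limit class: the table only says which sources a rule
# applies to, the limit itself stays a rule option, so nothing is
# duplicated into per-address table flags.
table <src_limit1> { 2.2.2.2 }
table <src_limit4> { 1.1.1.1 }

# Without "quick" the last matching rule wins, so block first, pass after.
block in on $ext_if proto tcp to $ext_if

# Each source in <src_limit1> may hold at most 1 state created by this rule.
# Once that source is at its limit, a further SYN matches the rule but no
# state is created and the packet is dropped.
pass in on $ext_if proto tcp from <src_limit1> to $ext_if port 80 \
    flags S/SA keep state (max-src-states 1)

# Sources in <src_limit4> get 4 concurrent states instead.
pass in on $ext_if proto tcp from <src_limit4> to $ext_if port 80 \
    flags S/SA keep state (max-src-states 4)

# Ed's per-port variant: the port list expands into one rule per port, and
# source tracking is kept per rule, so each source gets one connection to
# each of these ports rather than one shared budget across both.
pass in on $ext_if proto tcp from <src_limit4> to $ext_if port { 22, 25 } \
    flags S/SA keep state (max-src-states 1)

# Per-address packet/byte counters for either table (Cedric's tip above):
#   pfctl -t src_limit1 -vTs
#   pfctl -t src_limit4 -vTs
```

Load with `pfctl -nf pf.conf` first to syntax-check, then without `-n`; a drop caused by the limit is counted under the max-states reason in `pfctl -si` rather than as a block-rule hit.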