Hello Darren,

After testing the "pps 1" statement on ipfilter on a Solaris 9 machine, I get the following error when trying to set up the rules:

Content of ipf.rules:

    pass in quick proto udp from any to 169.some address port = 1645 pps 1

    [EMAIL PROTECTED] # ipf -Fa -f ipf.rules
    1: unknown words at end: [pps 1 ]
    ipf: ipf.rules: parse error (-1), quitting

And that's it! What could be wrong? It doesn't seem to recognize the pps parameter!

Do you have any doubts in your LIFE? www.howstuffworks.com
If You Ask Me A Fu**in' Question You'd Better Be Prepared For The Answer
Noel Gallagher, Oasis Frontman, 17/10/02

----- Original Message ----
From: Antonio Montani Jimenez <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Wednesday, July 23, 2008 10:12:06 PM
Subject: Re: time limit on ipfilter (like iptables)

Thanks a lot Darren! Exactly what I needed! :)

----- Original Message ----
From: Darren Reed <[EMAIL PROTECTED]>
To: Antonio Montani Jimenez <[EMAIL PROTECTED]>
Cc: [email protected]
Sent: Wednesday, July 23, 2008 6:24:04 PM
Subject: Re: time limit on ipfilter (like iptables)

Antonio Montani Jimenez wrote:
| Hello everyone.
| I have been searching for a while on the net but have not found anything similar to what I need.
| I have a management server that must authenticate to a RADIUS server. When the MGT sends the auth request, the RADIUS server answers in about 2 seconds. The issue is that the MGT server will send a new request 1 second after the first one, and the RADIUS server will not reply and block the address because it is receiving 2 requests from the same server and it thinks there is a security breach.
| I thought I could use the --limit option on iptables (will allow the server to send ONLY one request per second and block the rest), but I'm working on Solaris, and what I found was ipfilter, not iptables.
| I have not, however, found a similar option that limits the amount of determinate packets on a time basis (1 udp packet going to some port will pass only every 2 seconds)
| Is there a feature that will support this?

I think what you want is:

    pass in quick proto udp from any to radius_server port = radius_port pps 1

(pps = packets per second)

Darren
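
The question above asks for one packet every 2 seconds, while the suggested rule expresses a limit of one packet per second. The following added example (not from the thread, and a generic token-bucket model rather than ipfilter's own `pps` code, whose internals the thread does not describe) runs both limits over a constructed timeline in which the retry follows the first request by 1 second:

```python
# Added illustration: a generic token-bucket limiter, NOT ipfilter's internal
# implementation of "pps". Timeline values are constructed from the thread's
# description (retry 1 s after the first request, reply after about 2 s).


class TokenBucket:
    """Allow up to `burst` packets at once, refilled at `rate` tokens/second."""

    def __init__(self, rate, burst=1.0):
        self.rate = rate
        self.burst = burst
        self.tokens = burst      # start full: the first packet always passes
        self.last = None         # time of the previous packet seen

    def allow(self, now):
        # Refill for the time elapsed since the last packet, capped at burst.
        if self.last is not None:
            elapsed = now - self.last
            self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False             # dropped; tokens keep accumulating


def filter_timeline(times, rate, burst=1.0):
    """Return the send times (seconds) that the limiter lets through."""
    bucket = TokenBucket(rate, burst)
    return [t for t in times if bucket.allow(t)]


# Constructed timeline: request, retry after 1 s, then a later
# authentication attempt with its own retry.
SENDS = [0.0, 1.0, 30.0, 31.0]

if __name__ == "__main__":
    # 1 packet/second: a retry spaced exactly 1 s apart still passes.
    print("1 packet/second   :", filter_timeline(SENDS, rate=1.0))
    # 1 packet/2 seconds: the 1 s retry is dropped, as the question requires.
    print("1 packet/2 seconds:", filter_timeline(SENDS, rate=0.5))
    # A retry sent slightly early is dropped even at 1 packet/second.
    print("early retry, 1 pps:", filter_timeline([0.0, 0.9], rate=1.0))
```

In this model a whole-number packets-per-second limit cannot express "one packet per 2 seconds"; whether a 1 pps limit suppresses the duplicate depends on the retry arriving less than a second after the first request.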
