* NetOne - Doichin Dokov <[EMAIL PROTECTED]> [2007-11-07 01:57]:
> Hello,
>
> I have an OpenBSD 4.2 box set up to shape clients traffic. Each client gets 
> limited by these 4 rules:
>
> pass in on $int_if from $client_ip to any queue client_in
> pass out on $int_if from any to $client_ip queue client_out
> pass in on $ext_if from any to $client_ip queue client_out
> pass out on $ext_if from $client_ip to any queue client_in
>
> Everything works fine. I now want to limit max states created by each 
> client in each direction to 300, so i modified the rules to be:
>
> pass in on $int_if from $client_ip to any (max 300) queue client_in

when a packet matches this rule, but there are already 300 states from 
this rule, the result is a non-match. you need to decide what to do 
with excess states and put rules in. it could be sth like

block from $a to $b
pass  from $a to $b keep state (max 300)

to block 'em.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam
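Applying Henning's block-then-pass pattern to the four per-client rules from the question, as an added example that is part of neither message in the thread; the interface names and client address are constructed placeholders, and the queue names are the ones from the question:

```pf
# Constructed pf.conf fragment for one shaped client (not from the thread).
int_if    = "em0"          # placeholder: inside interface
ext_if    = "em1"          # placeholder: outside interface
client_ip = "192.0.2.10"   # placeholder: the client's address

# pf evaluates rules top to bottom and the last match wins, so each
# "block" sits directly before its "pass". A packet that matches the
# pass rule is accepted and tracked; once that rule already holds 300
# states, the pass rule no longer matches and the block rule above it
# is the final match, so the excess connection is dropped instead of
# falling through to whatever rule follows.

# Client -> Internet (both the inside and outside interface)
block in  on $int_if from $client_ip to any
pass  in  on $int_if from $client_ip to any keep state (max 300) queue client_in
block out on $ext_if from $client_ip to any
pass  out on $ext_if from $client_ip to any keep state (max 300) queue client_in

# Internet -> client (both the outside and inside interface)
block in  on $ext_if from any to $client_ip
pass  in  on $ext_if from any to $client_ip keep state (max 300) queue client_out
block out on $int_if from any to $client_ip
pass  out on $int_if from any to $client_ip keep state (max 300) queue client_out
```

Each pass rule's current state count is visible in the `States:` field of `pfctl -vsr`, which is the quickest way to confirm the cap is being hit rather than guessing from dropped connections.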