That should depend on how it is coded.

    if( flowlimit_enable ) flowlimit_check( m, ....);

I implemented it in FreeBSD, not in OpenBSD. :)

BTW, it does the check only when a session is being created and destroyed.

One more advantage is that a new TCP connection which exceeds the limitation will not be reset, but the packet is dropped. In this way, the TCP connection can connect to the server as soon as one of the states for the same source IP is deleted.

----- Original Message -----
From: "Jedi/Sector One" <[EMAIL PROTECTED]>
To: "NortonNg" <[EMAIL PROTECTED]>
Cc: "Can Erkin Acar" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, March 17, 2003 9:51 PM
Subject: Re: source limit

> On Mon, Mar 17, 2003 at 09:36:22PM +0800, NortonNg wrote:
> > make a flowlimit_check hook before 'create states code' in pf_test_tcp().
> > don't create any states in pf_test_tcp() if the limitation of the source
> > reach the maximum value.
>
> Would it have an impact on PF's performance when that feature would be
> disabled?
>
> --
> __ /*- Frank DENIS (Jedi/Sector One) <[EMAIL PROTECTED]> -*\ __
> \ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a> \' /
> \/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/
>
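
The scheme discussed in this thread, as an added user-space C model; it is not NortonNg's FreeBSD code and not part of pf. The names `flowlimit_enable` and `flowlimit_check` come from the thread, while their signatures, `flowlimit_max`, `flowlimit_release`, `new_state_verdict` and the table layout are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define FL_BUCKETS 256          /* assumed table size (power of two) */
#define FL_PASS 0
#define FL_DROP 1

/* One slot per tracked source address; count == 0 means the slot is free. */
struct fl_entry { uint32_t src; unsigned count; };

static struct fl_entry fl_table[FL_BUCKETS];
int flowlimit_enable = 0;       /* feature switch named in the thread */
unsigned flowlimit_max = 2;     /* assumed per-source state limit */

/* Find the slot for src by linear probing; with claim set, take a free slot. */
static struct fl_entry *fl_lookup(uint32_t src, int claim)
{
    struct fl_entry *free_slot = NULL;
    for (unsigned i = 0; i < FL_BUCKETS; i++) {
        struct fl_entry *e = &fl_table[(src * 2654435761u + i) & (FL_BUCKETS - 1)];
        if (e->count != 0 && e->src == src)
            return e;
        if (e->count == 0 && free_slot == NULL)
            free_slot = e;
    }
    if (claim && free_slot != NULL)
        free_slot->src = src;
    return claim ? free_slot : NULL;
}

/* State-creation path only: FL_DROP when the source is at its limit. */
int flowlimit_check(uint32_t src)
{
    struct fl_entry *e = fl_lookup(src, 1);
    if (e == NULL || e->count >= flowlimit_max)
        return FL_DROP;         /* drop without RST so a later SYN retry can succeed */
    e->count++;
    return FL_PASS;
}

/* State-destruction path only: frees one slot for that source. */
void flowlimit_release(uint32_t src)
{
    struct fl_entry *e = fl_lookup(src, 0);
    if (e != NULL)
        e->count--;
}

/* Model of the hook before state creation; with the feature off the cost is one branch. */
int new_state_verdict(uint32_t src)
{
    return (flowlimit_enable && flowlimit_check(src) == FL_DROP) ? FL_DROP : FL_PASS;
}
```

The table is consulted only when a state is created or destroyed, so packets matching an existing state never touch it.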
