Subject: Re: Session limit
To: None <tech-net@NetBSD.org>
From: Henning Brauer <firstname.lastname@example.org>
Date: 04/05/2006 15:40:11
* der Mouse <mouse@Rodents.Montreal.QC.CA> [2006-04-04 16:42]:
> [top-posting fixed up manually]
> >>> is it possible to limit active sessions number by IP address[?]
> >> Maybe. What's a "session"? [some possibilities]
> > I mean for all TCP sessions. [both NATted and not]
> Hm. I don't know of any way to limit NAT state per IP, but such a
> thing could exist. Since the kernel keeps no state for non-NATted
> connections (ie, connections for which it's acting as an ordinary IP
> router), I doubt you'll find any way to impose the limit you want for
pf can limit teh number of states per rule. this can be used for this.
note that when a rule reached its maximum states, it simply will not
match any more, i. e. the rule set is examined further.
Henning Brauer, email@example.com, firstname.lastname@example.org
BS Web Services, http://bsws.de
OpenBSD-based Webhosting, Mail Services, Managed Servers, ...