Firewall rules that discriminate by connection duration

Brett Glass brett at lariat.org
Tue Nov 9 22:39:01 PST 2004


I'm interested in crafting firewall rules that throttle connections
that have lasted more than a certain amount of time. (Most such
connections are P2P traffic, which should be given a lower priority
than other connections and may constitute network abuse.) Alas, it
doesn't appear that FreeBSD's IPFW can keep tabs on how long a
connection has been established. Is there another firewall for
FreeBSD that can?

--Brett Glass


More information about the freebsd-security mailing list