Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Subnet_qos all -- 0.0.0.0/0 0.0.0.0/0
l7-filter all -- 0.0.0.0/0 0.0.0.0/0
DROP tcp -- 192.168.1.64 0.0.0.0 MARK match 0x100 #conn/32 > 300
DROP tcp -- 0.0.0.0 192.168.1.64 MARK match 0x100 #conn/32 > 300
Chain l7-filter (1 references)
MARK all -- 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey MARK set 0x100
MARK all -- 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto bittorent MARK set 0x100
simple conlimit 5 0.0.0.0 192.168.0.10 1:65535
simple conlimit 5 192.168.0.10 0.0.0.0 1:65535
Chain POSTROUTING (policy ACCEPT 18M packets, 8287M bytes)
pkts bytes target prot opt in out source destination
18M 8287M Subnet_qos all -- * * 0.0.0.0/0 0.0.0.0/0
18M 8287M l7-filter all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP tcp -- * * 192.168.0.10 0.0.0.0 MARK match 0x100 #conn/32 > 300
0 0 DROP tcp -- * * 0.0.0.0 192.168.0.10 MARK match 0x100 #conn/32 > 300
0 0 DROP tcp -- * * 192.168.0.10 0.0.0.0 MARK match 0x100 #conn/32 > 300
0 0 DROP tcp -- * * 0.0.0.0 192.168.0.10 MARK match 0x100 #conn/32 > 300
0 0 DROP tcp -- * * 0.0.0.0 192.168.0.10 tcp dpts:1000:65535 #conn/32 > 300
0 0 DROP tcp -- * * 192.168.0.10 0.0.0.0 tcp dpts:1000:65535 #conn/32 > 300
0 0 DROP tcp -- * * 0.0.0.0 192.168.0.10 tcp dpts:1000:65535 #conn/32 > 300
0 0 DROP tcp -- * * 192.168.0.10 0.0.0.0 tcp dpts:1000:65535 #conn/32 > 300
Here I'm seeing some trouble....
You have replicated the same rules all the time....
eddy wrote: I saw that the connlimit package from nachazo works only when I write the IP address/subnet, e.g. 192.168.10.1/32, not only 192.168.10.1, or for all IP addresses 0.0.0.0/0, not only 0.0.0.0.
Another problem is that connlimit stops if a command "reload firewall" is given.
I started an FTP download from a server and I can't run a second download. That's good. But when I close the connection I still can't establish another connection, maybe until it's closed from the BFW.
Chain POSTROUTING (policy ACCEPT 6755 packets, 2587K bytes)
pkts bytes target prot opt in out source destination
6755 2587K Subnet_qos all -- * * 0.0.0.0/0 0.0.0.0/0
6755 2587K l7-filter all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey MARK set 0x100
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto ares MARK set 0x100
0 0 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto directconnect MARK set 0x100
0 0 DROP tcp -- * * 192.168.1.0/24 0.0.0.0 tcp dpt:64000 #conn/32 > 200
9 4895 MARK all -- * * 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto http MARK set 0x100
0 0 DROP tcp -- * * 192.168.0.2 0.0.0.0 MARK match 0x100 #conn/32 > 5
0 0 DROP tcp -- * * 0.0.0.0 192.168.0.2 MARK match 0x100 #conn/32 > 5
Chain POSTROUTING (policy ACCEPT 581 packets, 194K bytes)
pkts bytes target prot opt in out source destination
581 194K Subnet_qos all -- * * 0.0.0.0/0 0.0.0.0/0
581 194K l7-filter all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP tcp -- * * 192.168.0.0/24 0.0.0.0 tcp dpts:1:65535 #conn/32 > 5
0 0 DROP tcp -- * * 0.0.0.0 192.168.0.0/24 tcp dpts:1:65535 #conn/32 > 5
Chain POSTROUTING (policy ACCEPT 1490 packets, 384K bytes)
pkts bytes target prot opt in out source destination
1490 384K Subnet_qos all -- * * 0.0.0.0/0 0.0.0.0/0
1490 384K l7-filter all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 DROP tcp -- * * 192.168.0.2 0.0.0.0 tcp dpts:1:65535 #conn/32 > 5
0 0 DROP tcp -- * * 0.0.0.0 192.168.0.2 tcp dpts:1:65535 #conn/32 > 5
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Subnet_qos all -- 0.0.0.0/0 0.0.0.0/0
l7-filter all -- 0.0.0.0/0 0.0.0.0/0
DROP tcp -- 0.0.0.0 192.168.0.2 MARK match 0x100 #conn/32 > 5
DROP tcp -- 192.168.0.2 0.0.0.0 MARK match 0x100 #conn/32 > 5
DROP tcp -- 0.0.0.0 192.168.0.0/24 tcp dpt:80 #conn/32 > 2
DROP tcp -- 192.168.0.0/24 0.0.0.0 tcp dpt:80 #conn/32 > 2
DROP tcp -- 0.0.0.0 192.168.0.2 tcp dpt:80 #conn/32 > 2
DROP tcp -- 192.168.0.2 0.0.0.0 tcp dpt:80 #conn/32 > 2
Chain Subnet_qos (1 references)
target prot opt source destination
Chain l7-filter (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto fasttrack
MARK all -- 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto edonkey MARK set 0x100
MARK all -- 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto ares MARK set 0x100
MARK all -- 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto directconnect MARK set 0x100
MARK all -- 0.0.0.0/0 0.0.0.0/0 LAYER7 l7proto http MARK set 0x100
553 192.168.0.2
# ---------------------------------------------------------------------------
#
# NEW COMMAND
#
# Recommended for old Pentium processors
#
# Example 1: limit to 500 connections the port range 64000-65535 for all ips
# simple_conlimit 500 0.0.0.0 0.0.0.0 64000:65535
#
# Example 2: limit to 100 connections port 4662 (emule) for the destination
# ip 192.168.1.48
# simple_conlimit 100 0.0.0.0 192.168.1.48 4662
#
###############################################################################
simple_conlimit 2 0.0.0.0 192.168.0.2 80 #
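Added example, not BrazilFW's own code: a POSIX sh generator that expands one simple_conlimit line into the two connlimit DROP rules seen in the dumps above, giving every address an explicit mask (0.0.0.0 becomes 0.0.0.0/0, a bare host gets /32, which is the difference eddy noticed) and skipping a rule pair that was already emitted. It assumes the mangle table (where the dumps' MARK targets live) and the standard iptables connlimit flags; the commands are printed, not executed.

```shell
#!/bin/sh
# Added example, not BrazilFW's own script: expand one
#   simple_conlimit LIMIT SRC DST PORTS
# line into the two connlimit DROP rules seen in the thread's dumps.
# Assumptions: the mangle table (where the dumps' MARK targets live) and
# the standard iptables connlimit match flags.

# normalize_addr ADDR -> ADDR with an explicit mask.
# iptables reads a bare "0.0.0.0" as the single host 0.0.0.0/32, which
# matches nothing; that is why only 0.0.0.0/0 and x.x.x.x/32 worked.
normalize_addr() {
    case "$1" in
        */*)     printf '%s\n' "$1" ;;        # mask already present
        0.0.0.0) printf '0.0.0.0/0\n' ;;      # "any" must be /0
        *)       printf '%s/32\n' "$1" ;;     # single host
    esac
}

SEEN=""   # rules emitted so far, to avoid the duplicated pairs in the dumps

# emit_rule RULE -> prints RULE once; returns 1 if it was already emitted
emit_rule() {
    case "$SEEN" in
        *"|$1|"*) return 1 ;;
    esac
    SEEN="$SEEN|$1|"
    printf '%s\n' "$1"
}

# conlimit_rules LIMIT SRC DST PORTS -> the iptables commands (printed, not run)
conlimit_rules() {
    limit=$1
    src=$(normalize_addr "$2")
    dst=$(normalize_addr "$3")
    ports=$4                      # single port or a range like 64000:65535
    pre="iptables -t mangle -A POSTROUTING -p tcp"
    post="-m connlimit --connlimit-above $limit --connlimit-mask 32 -j DROP"
    # forward direction: the limited port is the destination port
    emit_rule "$pre -s $src -d $dst --dport $ports $post" || :
    # return direction: the same port is now the source port
    emit_rule "$pre -s $dst -d $src --sport $ports $post" || :
}

# the thread's own line: simple_conlimit 2 0.0.0.0 192.168.0.2 80
conlimit_rules 2 0.0.0.0 192.168.0.2 80
```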
madoxx wrote: I run edonkey with more than 50 connections, and I can't open WWW.