Simultaneous client connection limit

Britz · May 15, 2007, 6:09 AM

Simultaneous client connection limit???

what exactly does that mean
under advanced options when creating a rule

hoba · May 15, 2007, 6:11 AM

It's how many connections per client are allowed to make for the in the rule specified traffic. For example if you want to throttle down smtp worms you could say only allow 2 smtp connections per client at the same time.

Britz · May 15, 2007, 6:45 AM

well i set 15-15-15-300 on my rule that allows all internet traffic (only 1 rule that allows internet traffic)

and i applied settings cleared states and even rebooted box and i can still get 20 connections in my download manager

does this feature even work or am i missing something?

hoba · May 15, 2007, 6:49 AM

Show us the comlete settings of your firewallrule.

Britz · May 15, 2007, 7:02 AM

should i maybe not pm you my config?

sullrich · May 15, 2007, 2:42 PM

This was fixed in the new beta series. Update to the recent snapshot.

Britz · May 15, 2007, 3:10 PM

urm loaded yesterdays snapshot and set it to 1-1-1/1-30 and my download manager still getting 20 connections easily

i must be missing something

thanks

sullrich · May 15, 2007, 4:17 PM

Open up /tmp/rules.debug and find the rule in question and show us what it looks like.

Britz · May 16, 2007, 9:37 AM

pass in quick on $lan route-to { ( rl2 firstfailoverip ) } from any to any keep state ( max-src-nodes 5 max-src-states 5 tcp.established 60 max-src-conn-rate 5 /1, overload <virusprot>flush global ) label "USER_RULE: adsl fail airband"

obviously replace firstfailoverip for my gateways ip address

and with this rule being the only pass i can get 20 connections in my download manager

thanks</virusprot>