Firewall rules advanced options



  • I have a question about "Advanced Options" section in firewall rules editor.
    I know that "Maximum state entries per host" works per host (as it is named). How about "Simultaneous client connection limit" and "Maximum new connections / per second", do they work per host or not?



  • @m1s1u:

    I have a question about "Advanced Options" section in firewall rules editor.
    I know that "Maximum state entries per host" works per host (as it is named). How about "Simultaneous client connection limit" and "Maximum new connections / per second", do they work per host or not?

    IIRC they are all per src host.



  • @m1s1u:

    I have a question about "Advanced Options" section in firewall rules editor.
    I know that "Maximum state entries per host" works per host (as it is named). How about "Simultaneous client connection limit" and "Maximum new connections / per second", do they work per host or not?

    The client connection limit and max connections/second are for the rule.  Soooo if client connection limit is set to 10, you can have 10 state entries total, it could be 10 from one host, or one each from 10 hosts.  New connections/second works the same way.

    –Bill



  • @billm:

    The client connection limit and max connections/second are for the rule.  Soooo if client connection limit is set to 10, you can have 10 state entries total, it could be 10 from one host, or one each from 10 hosts.  New connections/second works the same way.

    –Bill

    Is it possible to have the Simultaneous client connection limit work on a per host basis? It would be a nice feature. I have been having problems lately with persons running bittorrent opening many connections all at the same time.

    EDIT:

    What about an option for limiting the total number of connections per source? "max-src-conn"
    In other words, limit the maximum number of simultaneous TCP connections which have completed the 3-way handshake that a single host can make.
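To show how the rule-wide limit Bill describes and the per-source "max-src-conn" Leoandru asks for look in pf's own syntax, here is a pf.conf fragment added as an example (it is not from the thread or from pfSense's filter.inc). The interface name, server address and table name are assumed placeholders.

```pf
# Constructed example; em0, 192.0.2.10 and <overloaded> are placeholders.
ext_if = "em0"
table <overloaded> persist

# Sources that trip the per-source limits below are added to the table
# by "overload"; drop them before the pass rule is evaluated.
block in quick on $ext_if from <overloaded>

# Per pf.conf(5):
#   max               caps the states this one rule may create, counted
#                     across all sources (the rule-wide behaviour Bill
#                     describes: 1000 could come from one host or many)
#   max-src-states    states per source address
#   max-src-conn      completed TCP handshakes per source address
#   max-src-conn-rate new connections per source address within a window
#                     (here 15 per 5 seconds)
#   overload ... flush global
#                     put the offending source in the table and kill its
#                     existing states, regardless of which rule made them
pass in on $ext_if proto tcp from any to 192.0.2.10 port 80 \
    flags S/SA keep state \
    (max 1000, \
     max-src-states 50, \
     max-src-conn 20, \
     max-src-conn-rate 15/5, \
     overload <overloaded> flush global)
```

max-src-conn and max-src-conn-rate apply only to TCP rules, so a single host opening many connections at once hits the per-source limit while the rest of the hosts behind the rule are unaffected.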



  • @Leoandru:

    @billm:

    The client connection limit and max connections/second are for the rule.  Soooo if client connection limit is set to 10, you can have 10 state entries total, it could be 10 from one host, or one each from 10 hosts.  New connections/second works the same way.

    –Bill

    Is it possible to have the Simultaneous client connection limit work on a per host basis? It would be a nice feature. I have been having problems lately with persons running bittorrent opening many connections all at the same time.

    EDIT:

    What about an option for limiting the total number of connections per source? "max-src-conn"
    In other words, limit the maximum number of simultaneous TCP connections which have completed the 3-way handshake that a single host can make.

    Work up a GUI + filter.inc patch and we will entertain it.
