Netgate Discussion Forum

Firewall rules advanced options

    m1s1u
    last edited by Nov 10, 2005, 1:55 PM

    I have a question about the "Advanced Options" section in the firewall rules editor.
    I know that "Maximum state entries per host" works per host (as it is named). How about "Simultaneous client connection limit" and "Maximum new connections / per second", do they work per host or not?

      sullrich
      last edited by Nov 10, 2005, 4:13 PM

      @m1s1u:

      I have a question about the "Advanced Options" section in the firewall rules editor.
      I know that "Maximum state entries per host" works per host (as it is named). How about "Simultaneous client connection limit" and "Maximum new connections / per second", do they work per host or not?

      IIRC they are all per src host.

        billm
        last edited by Nov 11, 2005, 4:32 AM

        @m1s1u:

        I have a question about the "Advanced Options" section in the firewall rules editor.
        I know that "Maximum state entries per host" works per host (as it is named). How about "Simultaneous client connection limit" and "Maximum new connections / per second", do they work per host or not?

        The client connection limit and max connections/second are for the rule.  Soooo if client connection limit is set to 10, you can have 10 state entries total, it could be 10 from one host, or one each from 10 hosts.  New connections/second works the same way.

        –Bill

        pfSense core developer
        blog - http://www.ucsecurity.com/
        twitter - billmarquette

          Leoandru
          last edited by Feb 1, 2006, 4:37 PM Feb 1, 2006, 4:19 PM

          @billm:

          The client connection limit and max connections/second are for the rule.  Soooo if client connection limit is set to 10, you can have 10 state entries total, it could be 10 from one host, or one each from 10 hosts.  New connections/second works the same way.

          –Bill

          Is it possible to have the Simultaneous client connection limit work on a per host basis? It would be a nice feature. I have been having problems lately with persons running bittorrent opening many connections all at the same time.

          EDIT:

          What about an option for limiting the total number of connections per source? "max-src-conn"
          In other words, limit the maximum number of simultaneous TCP connections which have completed the 3-way handshake that a single host can make.

            sullrich
            last edited by Feb 1, 2006, 4:42 PM

            @Leoandru:

            @billm:

            The client connection limit and max connections/second are for the rule.  Soooo if client connection limit is set to 10, you can have 10 state entries total, it could be 10 from one host, or one each from 10 hosts.  New connections/second works the same way.

            –Bill

            Is it possible to have the Simultaneous client connection limit work on a per host basis? It would be a nice feature. I have been having problems lately with persons running bittorrent opening many connections all at the same time.

            EDIT:

            What about an option for limiting the total number of connections per source? "max-src-conn"
            In other words, limit the maximum number of simultaneous TCP connections which have completed the 3-way handshake that a single host can make.

            Work up a GUI + filter.inc patch and we will entertain it.

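
The per-rule and per-source limits discussed in this thread, written as pf.conf rules. This is an added example, not part of any post and not pfSense's generated ruleset; the interface macro, ports, limit values and the table name <conn_abusers> are constructed, and the thread does not say which pf option each GUI field maps to.

```conf
# Constructed example: interface, ports, limits and table name are placeholders.
int_if = "em1"
table <conn_abusers> persist

# Sources placed in the table by the overload option below are dropped early.
block in quick on $int_if from <conn_abusers>

# Per-rule cap: at most 10 states in total for this rule, whoever creates them.
# One host can hold all 10 and leave none for the other clients.
pass in on $int_if proto tcp from any to any port 80 \
    flags S/SA keep state (max 10)

# Per-source cap on state entries: each source address may hold at most
# 10 states created by this rule.
pass in on $int_if proto tcp from any to any port 443 \
    flags S/SA keep state (source-track rule, max-src-states 10)

# Per-source cap on TCP connections that have completed the 3-way handshake
# (max-src-conn), plus a per-source rate limit of 15 new connections per
# 5 seconds. A source exceeding either limit is added to <conn_abusers>,
# and "flush global" removes all of its existing states.
pass in on $int_if proto tcp from any to any port 8080 \
    flags S/SA keep state (max-src-conn 10, max-src-conn-rate 15/5, \
    overload <conn_abusers> flush global)
```

The first rule matches the behaviour billm describes (a shared budget for the rule); the last two are the per-source forms Leoandru asks about.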