Исходное сообщение
"Ограничение по количеству сессий" Отправлено RSG, 06-Фев-07 17:44
> при использовании ipfw queue +limit > >${fwcmd} pipe "${rule}1" config bw ${bwf_out}Kbit/s >${fwcmd} pipe "${rule}2" config bw ${bwf_in}Kbit/s >${fwcmd} queue "${rule}1" config pipe "${rule}1" >${fwcmd} queue "${rule}2" config pipe "${rule}2" >${fwcmd} add "${rule}3" queue "${rule}3" all from $ip to any via "${if_shape}" >limit src-addr ${N_con} >${fwcmd} add "${rule}4" queue "${rule}4" all from any to $ip via "${if_shape}" >limit dst-addr ${N_con} > > происходит такая штука, > уже существующие сессии при появлении новых - просто обрываються, > пример: N_con=10, ssh(2 минуты в idle) при отрытии http(4-8 connections), ssh >- обрываеться. > >есть идеи ? Limit относится к stateful firewall man ipfw STATEFUL FIREWALL      Stateful operation is a way for the firewall to dynamically create rules      for specific flows when packets that match a given pattern are detected.      Support for stateful operation comes through the check-state, keep-state      and limit options of rules. ....      Dynamic rules expire after some time, which depends on the status of the      flow and the setting of some sysctl variables.  See Section SYSCTL      VARIABLES for more details.  For TCP sessions, dynamic rules can be      instructed to periodically send keepalive packets to refresh the state of      the rule when it is about to expire.