Alternative for iptables

[vamos]

Hi, does someone have an alternative of this for ipfw?

iptables -N SYN-LIMIT
iptables -A SYN-LIMIT -m hashlimit --hashlimit 50/second --hashlimit-mode srcip --hashlimit-name SYN-LIMIT -j RETURN
iptables -A SYN-LIMIT -j DROP
iptables -I INPUT -p tcp --dport 80 --syn -j SYN-LIMIT
iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 10 -j REJECT --reject-with tcp-reset

 

[kpa]

Not everyone here is that familiar with iptables, could you explain what those rules are supposed to do? It looks to me like you're limiting the connection rate based on destination port and that is surely doable with ipfw(8) but since I haven't used iptables in years I'm not sure if that's your intent.