Rule creation for only one connection at a time

[andrema2]

Hi all

I'm trying to use Greenbone community feed server (Vulnerability Manager). When I try to download its rules it fails. According to their forum their FW is set in a way that only accepts one connection per IP and I should have not a FW or NAT between us. This is impossible for me. Below is how they say their FW is configured:

Code: [Select]

REJECT tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:873 flags:0x17/0x02 #conn src/32 > 1 reject-with tcp-reset
ACCEPT tcp – * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:873 flags:0x17/0x02
I'm connection to their IP 45.135.106.142. Is there any way I can create a rule that would make it work, forcing only one connection at a time and resetting it when finished ?

Thanks

[andrema2]

Hi,

Is it impossible to be accomplished ?

Thanks

[Fright]

it doesn't look like you need to do something on the opn

https://community.greenbone.net/t/no-community-feed/6453/9

that is, it is only a matter of the number of tcp sessions. if your GCE gracefully closes tcp session to OPN, OPN closes the corresponding session to GCF (with corresponding _WAITs).
you can limit number of sessions on pf but it doesn't seem like the problem is this