View Single Post
  #4   (View Single Post)  
Old 5th February 2010
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,125
Default

I don't know any of those download managers, the only one download manager I know is ftp, and that is blocked by this pf.conf

So it is time to print out and study the pf.conf man page. The following should give you a start.
Code:
   For stateful TCP connections, limits on established connections (connec-
     tions which have completed the TCP 3-way handshake) can also be enforced
     per source IP.

     max-src-conn <number>
           Limits the maximum number of simultaneous TCP connections which
           have completed the 3-way handshake that a single host can make.
     max-src-conn-rate <number> / <seconds>
           Limit the rate of new connections over a time interval.  The con-
           nection rate is an approximation calculated as a moving average.

     Because the 3-way handshake ensures that the source address is not being
     spoofed, more aggressive action can be taken based on these limits.  With
     the overload <table> state option, source IP addresses which hit either
     of the limits on established connections will be added to the named
     table.  This table can be used in the ruleset to block further activity
     from the offending host, redirect it to a tarpit process, or restrict its
     bandwidth.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote