Quote:
Originally Posted by mfaridi
...I understand this
user with 192.168.0.53 cannot open more than 15 pages or cannot connect more than 15 connections in 5 seconds.
Am I right?
Do I understand this correctly?
Yes, you are right, but ....
only because each web page request from a browser uses a separate HTTP session.
(PF does not know anything about applications. All it knows is TCP/IP. Other application abuse may or may not be manageable with PF.)
In this example you reference, abusers get their IP address added to the "abusive_hosts" table, they get blocked, and their existing sessions get killed.
The "abusive_hosts" table is in kernel memory, and not stored in a file, so a restart of the OS will start with an empty table. To make it permanent, you can add pfctl commands to /etc/rc.shutdown to store the table in a file, and use the "file" option of the table command in pf.conf, to load the table from the file at start up. These are described in pfctl(8) and pf.conf(5).
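
The setup described in this reply, written out as a pf.conf fragment with the table made persistent across reboots. This is an added example, not part of the original post; the interface name em0, port 80, and the path /etc/abusive_hosts are assumptions.

```conf
# Added example, not from the original thread.
# Assumptions: interface em0, web service on port 80,
# saved table stored in /etc/abusive_hosts.
ext_if = "em0"

# "persist" keeps the table in the kernel even when no rule references it.
# "file" loads the saved addresses whenever the ruleset is loaded (e.g. at boot).
# The file must already exist (it may be empty), or the ruleset fails to load.
table <abusive_hosts> persist file "/etc/abusive_hosts"

# Drop everything from hosts that are already in the table.
block in quick on $ext_if from <abusive_hosts>

# A source that opens more than 15 connections in 5 seconds is added to
# the table ("overload"), and "flush global" kills all of its existing states.
# PF counts TCP connections here, not web pages or application requests.
pass in on $ext_if proto tcp from any to any port 80 keep state \
    (max-src-conn-rate 15/5, overload <abusive_hosts> flush global)

# Line to add to /etc/rc.shutdown so the table contents survive a restart:
#   pfctl -t abusive_hosts -T show > /etc/abusive_hosts
```

Entries stay in the table until they are removed, so a saved file grows over time; `pfctl -t abusive_hosts -T expire <seconds>` removes addresses older than the given age.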