#6, 4th December 2013
jggimi

I just did some testing; you are correct, the syntax permits overload to be specified but pfctl(8) will insist on max-src-conn or max-src-conn-rate. Nor will pfctl permit max-src-conn or max-src-nodes set to 0.

If you want to create a honeypot using PF as designed, you're going to have to permit at least one connection. Consider redirecting traffic to a tarpit listener.
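A pf.conf sketch of the behaviour described in the post above, added here as an illustration and not taken from the thread. The table name `<trapped>`, the honeypot port 23 and the tarpit listener at 127.0.0.1 port 8025 are assumptions.

```pf
# Added example; table name, ports and listener address are assumed values.
table <trapped> persist

# Sources already caught are dropped before any later rule is evaluated.
block in quick from <trapped>

# Rejected by pfctl(8), per the post: overload with neither
# max-src-conn nor max-src-conn-rate set.
# pass in on egress proto tcp to port 23 \
#     keep state (overload <trapped>)

# Also rejected, per the post: a limit of 0.
# pass in on egress proto tcp to port 23 \
#     keep state (max-src-conn 0, overload <trapped>)

# Accepted: the lowest usable limit is 1, so the first connection from a
# source is permitted and redirected to the tarpit listener. A second
# simultaneous connection from the same source exceeds the limit, adds
# the source to <trapped>, and flushes all of its existing states.
pass in on egress proto tcp to port 23 \
    rdr-to 127.0.0.1 port 8025 \
    keep state (max-src-conn 1, overload <trapped> flush global)
```

Running `pfctl -nf` on the file parses the ruleset without loading it, which is a quick way to confirm which of the variants pfctl accepts.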