8th November 2017
Lexus45
PF: limit number of incoming connections during some time period

Hello all.

I wonder if there's an ability in PF like this one in iptables:
Code:
--dport 80 -m hashlimit --hashlimit-name WEBSRV --hashlimit-mode srcip --hashlimit-above 3/minute --hashlimit-htable-expire 120000 -j DROP
I read this http://man.openbsd.org/pf.conf.5#max-src-conn
And tried (don't worry, this is a VM and I have "physical" access to it):
Code:
pass in on $ext_if proto tcp from any to any port 22 keep state max-src-conn-rate 2/60
... but got an error while parsing the ruleset:
Code:
/etc/pf.conf:22: syntax error
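An added example, not part of the original post: in pf.conf(5), stateful tracking options such as max-src-conn-rate are written in parentheses after "keep state", which is what the rule above is missing. The interface name em0 and the table name <bruteforce> are assumptions made for this sketch.

```conf
# Added example (not from the original post).
# Constructed values: interface name em0, table name <bruteforce>.
ext_if = "em0"

# Sources that exceed the connection rate are collected in this table.
table <bruteforce> persist

# Drop all traffic from sources already in the table.
block in quick on $ext_if from <bruteforce>

# Stateful tracking options go inside parentheses after "keep state".
#   max-src-conn-rate 2/60  at most 2 new connections per 60 seconds,
#                           counted per source address (connections that
#                           completed the TCP 3-way handshake)
#   overload <bruteforce>   add a source that exceeds the limit to the table
#   flush global            kill that source's existing states, whichever
#                           rule created them
pass in on $ext_if proto tcp from any to any port 22 \
    keep state (max-src-conn-rate 2/60, overload <bruteforce> flush global)
```

Running `pfctl -nf /etc/pf.conf` parses the ruleset without loading it. Unlike `--hashlimit-htable-expire 120000`, table entries do not age out on their own; `pfctl -t bruteforce -T expire 120` removes entries older than 120 seconds.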