Hello all.
I wonder if there's an ability in PF like this one in iptables:
Code:
--dport 80 -m hashlimit --hashlimit-name WEBSRV --hashlimit-mode srcip --hashlimit-above 3/minute --hashlimit-htable-expire 120000 -j DROP
I read this
http://man.openbsd.org/pf.conf.5#max-src-conn
And tried (don't worry, this is a VM and I have "physical" access to it):
Code:
pass in on $ext_if proto tcp from any to any port 22 keep state max-src-conn-rate 2/60
... but got an error while parsing the ruleset:
Code:
/etc/pf.conf:22: syntax error
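
For reference, an added example that is not part of the original post: pf.conf(5) requires stateful tracking options such as max-src-conn-rate to be written inside parentheses after "keep state". The interface value and the table name `ssh_abusers` below are assumptions chosen for illustration.

```conf
# Added example; not the poster's ruleset.
ext_if = "em0"                      # assumed interface name
table <ssh_abusers> persist         # hypothetical table for offending sources

# Sources already in the table are dropped before any pass rule is evaluated.
block in quick on $ext_if from <ssh_abusers>

# max-src-conn-rate 2/60 : at most 2 new connections per 60 seconds per source.
#                          pf counts TCP connections that completed the 3-way
#                          handshake, not individual packets as hashlimit does.
# overload <ssh_abusers> : add a source that exceeds the limit to the table.
# flush global           : also kill that source's existing states.
pass in on $ext_if proto tcp from any to any port 22 \
    keep state (max-src-conn-rate 2/60, overload <ssh_abusers> flush global)
```

Table entries do not age out on their own; `pfctl -t ssh_abusers -T expire 120`, run periodically, removes entries older than 120 seconds, which is the closest counterpart to `--hashlimit-htable-expire 120000`.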