Quote:
Originally Posted by bryn1u
If i good understand - mac-src-conn it's only for source ip but established. What about udp ?
|
There are no problems with the udp protocol.
You can set restrictions with one line for two protocols (tcp and udp) at the same time, and the S/SA keep state flags are automatically set for tcp proto, and the keep state are used by udp.
Code:
table <bruteforce> persist
restrict="(max 100, source-track rule, max-src-conn 10, max-src-conn-rate 5/200, overload <bruteforce> flush global)"
pass in on $ext_if proto { tcp udp } from any to ($ext_if) port { domain } flags S/SA keep state $restrict