Old 14th April 2010
mfaridi
 
Join Date: May 2008
Location: Afghanistan
Posts: 320
PF and Stateful Tracking Options

I want to use PF as a firewall for a web server; our web server is Apache.
I read this link:
http://www.openbsd.org/faq/pf/filter.html

but I cannot understand this section.
Code:
An example:

    table <abusive_hosts> persist
    block in quick from <abusive_hosts>

    pass in on $ext_if proto tcp to $web_server \
        port www flags S/SA keep state \
        (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_hosts> flush) 

This does the following:

    * Limits the maximum number of connections per source to 100
    * Rate limits the number of connections to 15 in a 5 second span
    * Puts the IP address of any host that breaks these limits into the <abusive_hosts> table
    * For any offending IP addresses, flush any states created by this rule.
So I understand it this way:
For example, if a user with this IP,
192.168.0.52,
connects to my web server, he or she can only open 15 pages in 5 seconds; if he or she opens more pages, PF blocks him.

And I understand this:
a user with 192.168.0.53 cannot open more than 15 pages, or cannot make more than 15 connections, in 5 seconds.

Am I right?
Do I understand this correctly?
With this rule, each IP can have 15 connections in 5 seconds.
Please, could someone explain this section better for me?
__________________
http://www.mfaridi.com
First site about FreeBSD and OpenBSD in Persian (Farsi).
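The following is an added example, not part of the post above and not code from the OpenBSD FAQ: a small Python model of what the quoted rule's three options do. The point it makes is that both limits count TCP connections (PF state entries created by this rule), not web pages; with HTTP keep-alive a single connection can carry many page requests, and an HTML page with many images may open several connections. `max-src-conn 100` caps the number of simultaneous states per source address, `max-src-conn-rate 15/5` caps new connections to 15 within any 5 seconds, and `overload <abusive_hosts> flush` puts an offender into the table and kills its existing states, after which the `block in quick` rule drops everything from that address. The model approximates the rate check with a sliding window (PF itself keeps a counter over the interval, so exact edge timing may differ slightly), and the client addresses, connection ids and timings are constructed sample input.

```python
"""Model of pf's per-source stateful tracking options (added example).

Approximates the quoted rule:
    pass in ... keep state (max-src-conn 100, max-src-conn-rate 15/5,
                            overload <abusive_hosts> flush)
Hosts, connection ids and timings below are constructed sample input.
"""
from collections import defaultdict, deque

MAX_SRC_CONN = 100                 # max-src-conn 100: simultaneous states per source
RATE_COUNT, RATE_SECONDS = 15, 5   # max-src-conn-rate 15/5: new connections per interval


class Tracker:
    """Per-source accounting for one 'keep state' rule plus its overload table."""

    def __init__(self, max_src_conn=MAX_SRC_CONN,
                 rate_count=RATE_COUNT, rate_seconds=RATE_SECONDS):
        self.max_src_conn = max_src_conn
        self.rate_count = rate_count
        self.rate_seconds = rate_seconds
        self.open_states = defaultdict(set)   # src -> ids of states created by this rule
        self.recent = defaultdict(deque)      # src -> timestamps of recent new connections
        self.abusive_hosts = set()            # the <abusive_hosts> table

    def new_connection(self, now, src, conn_id):
        """A new TCP connection (SYN) from src at time now; returns 'pass' or 'block'."""
        # 'block in quick from <abusive_hosts>' is evaluated first and wins.
        if src in self.abusive_hosts:
            return "block"
        # Sliding-window approximation of max-src-conn-rate: forget connections
        # older than the interval, then count this one. (pf itself keeps a
        # counter over the interval, so exact edge timing can differ.)
        window = self.recent[src]
        while window and now - window[0] >= self.rate_seconds:
            window.popleft()
        window.append(now)
        too_many = len(self.open_states[src]) >= self.max_src_conn  # 101st concurrent
        too_fast = len(window) > self.rate_count                    # 16th within 5 s
        if too_many or too_fast:
            # overload <abusive_hosts>: add the source to the table ...
            self.abusive_hosts.add(src)
            # ... and 'flush': kill the states this rule created for it.
            self.open_states[src].clear()
            window.clear()
            return "block"
        self.open_states[src].add(conn_id)
        return "pass"

    def close_connection(self, src, conn_id):
        """Connection finished: its state goes away, freeing a max-src-conn slot."""
        self.open_states[src].discard(conn_id)


def run_scenario():
    """Constructed traffic from four clients; returns the per-connection verdicts."""
    t = Tracker()
    # 192.168.0.52: 16 connections within 4.5 s -> the 16th trips max-src-conn-rate.
    fast = [t.new_connection(i * 0.3, "192.168.0.52", f"a{i}") for i in range(16)]
    # 192.168.0.53: 15 connections, a pause, then 15 more -> never exceeds 15 per 5 s.
    slow = [t.new_connection(i * 0.3, "192.168.0.53", f"b{i}") for i in range(15)]
    slow += [t.new_connection(10 + i * 0.3, "192.168.0.53", f"b{15 + i}") for i in range(15)]
    # 192.168.0.54: one connection per second, none ever closed -> 101st trips max-src-conn.
    held = [t.new_connection(float(i), "192.168.0.54", f"c{i}") for i in range(101)]
    # 192.168.0.55: 100 connections, all closed, then 100 more -> max-src-conn counts
    # simultaneous states, so every one of these passes.
    recycled = [t.new_connection(float(i), "192.168.0.55", f"d{i}") for i in range(100)]
    for i in range(100):
        t.close_connection("192.168.0.55", f"d{i}")
    recycled += [t.new_connection(200.0 + i, "192.168.0.55", f"e{i}") for i in range(100)]
    # Much later the rate window for .52 is empty, but the table entry still blocks it.
    later = t.new_connection(1000.0, "192.168.0.52", "a99")
    return {
        "fast": fast, "slow": slow, "held": held, "recycled": recycled,
        "later": later, "table": sorted(t.abusive_hosts),
    }


if __name__ == "__main__":
    for name, verdicts in run_scenario().items():
        print(f"{name}: {verdicts}")
```

Two things the model makes visible that matter on a real firewall: a host is not blocked at its 15th connection but at the 16th inside the window, and once an address is in `<abusive_hosts>` it stays there, because the rule only adds entries. On OpenBSD the table can be inspected with `pfctl -t abusive_hosts -T show`, a single address removed with `pfctl -t abusive_hosts -T delete <address>`, and old entries aged out periodically (for example from cron) with `pfctl -t abusive_hosts -T expire <seconds>`; without that, a legitimate client that once tripped the limit, such as a proxy serving many users behind one address, remains blocked indefinitely.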