PF - connection limit per ip
Posted by bryn1u, 13th January 2018

Hello guys,

I'm reading about connection restriction per source IP.
stossh = "(max 100, source-track rule, max-src-conn 10, max-src-conn-rate 5/200, overload <bruteforce> flush global)"
Am I translating this correctly? If not, please correct me. Max 100 connections from all. Max 10 established connections per IP? Max 5 connections per IP in 200 sec?
And using it for:
pass in on $ext_if proto tcp from any to any port { 22 } $stossh
But what about UDP? For example, a voice server connection. I want to limit connections on port 64738 (Mumble server).
Can I do something like the example above?
stovoice = "(max 100, source-track rule, max-src-conn 10, max-src-conn-rate 5/200, overload <bruteforce> flush global)"
And use it for:
pass in on $ext_if proto udp from any to any port { 64738 } $stovoice
If I understand correctly, max-src-conn is only for source IP, but established. What about UDP? I just want to limit connections per IP, for example 5 IPs.
Thank you.
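
An added example, not part of the original post: per pf.conf(5), max-src-conn and max-src-conn-rate count TCP connections that have completed the 3-way handshake, while max-src-states and max-src-nodes limit state entries per source and apply to UDP as well. The interface name and the UDP limit values below are assumptions.

```conf
# Constructed pf.conf fragment (added example, not the poster's ruleset).
ext_if = "em0"                      # assumed interface name
table <bruteforce> persist          # filled by the overload option below

# Drop anything from addresses that tripped the TCP limits.
block in quick on $ext_if from <bruteforce>

# TCP (SSH): max-src-conn / max-src-conn-rate track connections that
# completed the 3-way handshake, so they belong on a TCP rule.
#   max 100               -> at most 100 states created by this rule in total
#   max-src-conn 10       -> at most 10 established connections per source IP
#   max-src-conn-rate 5/200 -> at most 5 new connections per source IP in 200 s
pass in on $ext_if proto tcp from any to any port 22 \
    keep state (max 100, source-track rule, max-src-conn 10, \
    max-src-conn-rate 5/200, overload <bruteforce> flush global)

# UDP (Mumble voice, port 64738): there is no handshake to count, so limit
# state entries instead (values are assumptions).
#   max-src-states 5 -> at most 5 simultaneous states per source IP
#   max-src-nodes 5  -> at most 5 distinct source IPs holding state at once
pass in on $ext_if proto udp from any to any port 64738 \
    keep state (max 100, source-track rule, max-src-states 5, \
    max-src-nodes 5)
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.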