PF and Stateful Tracking Options
I want to use PF as the firewall for a web server; our web server is Apache.
I read this link http://www.openbsd.org/faq/pf/filter.html but I cannot understand this section:

Code:

    An example:

    table <abusive_hosts> persist
    block in quick from <abusive_hosts>

    pass in on $ext_if proto tcp to $web_server \
        port www flags S/SA keep state \
        (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_hosts> flush)

    This does the following:

    * Limits the maximum number of connections per source to 100
    * Rate limits the number of connections to 15 in a 5 second span
    * Puts the IP address of any host that breaks these limits into the <abusive_hosts> table
    * For any offending IP addresses, flush any states created by this rule.

For example, if some user with the IP 192.168.0.52 connects to my web server, he or she can only open 15 pages in 5 seconds; if he or she opens new pages, pf blocks him. And I understand this user with 192.168.0.53 cannot open more than 15 pages, or cannot make more than 15 connections in 5 seconds.

Am I right? Do I understand this well? With this rule, each IP can have 15 connections in 5 seconds. Please, someone explain this section better for me.
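
An added example (not part of the original post or of the OpenBSD FAQ): a simplified Python model of the quoted rule, showing that both limits are counted per source address, in TCP connections that have completed the handshake. The class, method and function names are hypothetical, the traffic is constructed, and the exact sliding window is a simplification of PF's own rate accounting.

```python
from collections import defaultdict, deque

MAX_SRC_CONN = 100                 # max-src-conn 100
RATE_LIMIT, RATE_WINDOW = 15, 5    # max-src-conn-rate 15/5


class SourceTracker:
    """Simplified model of the rule's per-source limits (not PF's kernel code)."""

    def __init__(self):
        self.open_conns = defaultdict(int)   # source IP -> established connections
        self.recent = defaultdict(deque)     # source IP -> times of recent new connections
        self.abusive_hosts = set()           # stands in for table <abusive_hosts>

    def connect(self, src, now):
        """Record one completed TCP handshake from src at time now (seconds)."""
        if src in self.abusive_hosts:
            return "block"                   # block in quick from <abusive_hosts>
        window = self.recent[src]
        while window and now - window[0] >= RATE_WINDOW:
            window.popleft()                 # forget connections older than 5 s
        window.append(now)
        self.open_conns[src] += 1
        if self.open_conns[src] > MAX_SRC_CONN or len(window) > RATE_LIMIT:
            self.abusive_hosts.add(src)      # overload <abusive_hosts>
            self.open_conns[src] = 0         # flush: drop states this rule created
            window.clear()
            return "overload"
        return "pass"

    def close(self, src):
        """A connection from src ended, freeing one max-src-conn slot."""
        if self.open_conns[src] > 0:
            self.open_conns[src] -= 1


def demo():
    """Constructed traffic: .52 opens 16 connections in under a second, .53 opens 3."""
    t = SourceTracker()
    burst = [t.connect("192.168.0.52", i * 0.05) for i in range(16)]
    other = [t.connect("192.168.0.53", 1.0 + i) for i in range(3)]
    # The table entry stays until it is removed, so .52 is still blocked a minute later.
    later = t.connect("192.168.0.52", 60.0)
    return burst, other, later, sorted(t.abusive_hosts)


if __name__ == "__main__":
    print(demo())
```
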