PF: UDP rate limiting
How does one rate limit UDP on a PF-enabled gateway?
For example, I would like to limit 10.1.2.0/24 to max 100 UDP packets per second. How do I achieve that?
Hello, and welcome!
I'm not aware of any rate limiting capability for PF that uses PPS as a measure. Traffic shaping (queueing) can be used to limit outbound bandwidth, rather than PPS. You could use this on any traffic you were forwarding from the 10.1.2.0/24 subnet to other networks.

You might be able to limit the number of UDP connections permitted, through a subset of PF's Stateful Tracking Options, which are available for UDP traffic. UDP is stateless, but PF treats UDP as if it is stateful, using timers to track a limited form of state. You could limit the maximum number of "states" permitted to pass a specific rule, or you could limit the number of "states" by individual IP address within the rule, for example.

See the STATEFUL TRACKING OPTIONS section of the pf.conf(5) man page for FreeBSD's PF, which I believe matches OpenBSD release 4.5 syntax. http://man.openbsd.org/OpenBSD-4.5/pf.conf
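
A pf.conf sketch of the state-limiting approach described in the reply above, added here as an illustration and not part of either post. The interface name `em1` and every numeric limit are assumptions chosen for the example; only the 10.1.2.0/24 subnet comes from the question.

```pf
# Added example: caps concurrent UDP "states", not packets per second.
# Once a state exists, packets matching it pass without any rate limit.

int_if = "em1"            # hypothetical internal interface
lan    = "10.1.2.0/24"    # subnet from the question

# Last matching rule wins in PF. Without this block rule, UDP packets that
# cannot create a state (because a limit below is reached) would stop
# matching the pass rule and fall through to PF's implicit default pass.
block in on $int_if inet proto udp from $lan to any

# max 1000            at most 1000 concurrent states created by this rule
# source-track rule   count per-source limits against this rule only
# max-src-states 100  at most 100 concurrent states per source address
# udp.first/single/multiple
#                     per-rule timeouts, so idle UDP pseudo-states expire
#                     sooner and free their slots
pass in on $int_if inet proto udp from $lan to any \
    keep state (max 1000, source-track rule, max-src-states 100, \
                udp.first 30, udp.single 15, udp.multiple 30)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it; `pfctl -ss` lists the current states and `pfctl -sS` shows the per-source tracking entries.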