OpenBSD Security Functionally paranoid!
PF: limit number of incoming connections during some time period
Hello all.
I wonder if there's an ability in PF like this one in iptables:
Code:
--dport 80 -m hashlimit --hashlimit-name WEBSRV --hashlimit-mode srcip --hashlimit-above 3/minute --hashlimit-htable-expire 120000 -j DROP
And I tried (don't worry, this is a VM and I have "physical" access to it):
Code:
pass in on $ext_if proto tcp from any to any port 22 keep state max-src-conn-rate 2/60
Code:
/etc/pf.conf:22: syntax error
|
|||
Tried to do as in an example and there are no errors now:
Code:
pass in on $ext_if proto tcp from any to any port 22 keep state (max-src-conn-rate 2/60, overload <bad_hosts> flush global)
|
|||
As usual, I got the answer myself.
We just need to use parentheses, even if one option is specified:
Code:
pass in on $ext_if proto tcp from any to any port 22 keep state (max-src-conn-rate 2/60)
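The overload form in the second post only adds the offending address to <bad_hosts>; a separate rule has to act on that table before the host is actually shut out. A pf.conf fragment showing the pieces together, added here as an example and not taken from the posts (the interface value em0 and the commented admin address are assumptions):

```pf
# Added example, not from the thread. Values marked "assumed" are placeholders.
ext_if = "em0"                       # assumed external interface

# Table filled by the overload action below. "persist" keeps the table
# in the kernel even while no rule references it, so entries survive reloads.
table <bad_hosts> persist

# Drop everything from hosts that tripped the limit. "quick" stops rule
# evaluation here, so the later pass rule cannot re-admit them.
block in quick on $ext_if from <bad_hosts>

# Optional lockout guard: let a known admin address bypass the limit.
# 192.0.2.10 is a documentation address used as a stand-in (assumed).
# pass in quick on $ext_if proto tcp from 192.0.2.10 to any port 22 keep state

# At most 2 new connections per 60 seconds from one source address.
# The stateful tracking options must be inside parentheses, even when
# only one is given; without them pfctl reports a syntax error.
# max-src-conn-rate counts TCP connections that completed the three-way
# handshake, so spoofed SYNs cannot put someone else's address in the table.
#   overload <bad_hosts>  add the source address to the table
#   flush global          kill that source's existing states, whichever
#                         rule created them
pass in on $ext_if proto tcp from any to any port 22 \
    keep state (max-src-conn-rate 2/60, overload <bad_hosts> flush global)

# Checking and maintenance, run as root from the shell:
#   pfctl -nf /etc/pf.conf               parse the file without loading it
#   pfctl -f  /etc/pf.conf               load the ruleset
#   pfctl -t bad_hosts -T show           list addresses currently blocked
#   pfctl -t bad_hosts -T expire 3600    remove entries older than one hour
#   pfctl -t bad_hosts -T delete ADDR    unblock a single address
```

Entries in the table do not age out on their own, so the expire command is typically run from cron.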