DaemonForums  

#1, 16th December 2017, notooth
Need help with pf

Hi everyone,

In an effort to prevent a DoS attack on my web server, I am trying to set a maximum of 1 request per 2 seconds for each client in pf.conf:

Quote:
pass in on egress proto tcp from any to (egress) port { 80 443 } keep state (max-src-conn-rate 1/2)
But when I tried to send about 10 requests to my web server in 2 seconds, pf passed all of them to my web server. Can anyone tell me if there is something wrong with the configuration?

#2, 17th December 2017, jggimi

Quote:
Can anyone tell me if there is something wrong with the configuration?
I can't, because there isn't enough information provided here for me to determine if this is the rule which matched the traffic being tested, or if there was a flaw in your test.

#3, 18th December 2017, notooth

I think this is the rule which matched the traffic being tested, because when I comment out this rule, I cannot access the web server.

#4, 18th December 2017, jggimi

Perhaps your test is flawed, or perhaps the rule's "1/2" value does not take into account the moving average calculation for max-src-conn-rate. The example in the Stateful Tracking Options section of the pf.conf(5) man page uses "100/10".
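
Added example, not part of the thread and not pf's own code: a small Python model of a "limit/seconds" rate evaluated as a moving average, as post #4 describes, applied to each new connection from one source. The decaying-counter formula, the fixed-point scale and the sample timestamps are assumptions made for illustration; because the option limits new connections, a client that reuses one connection for many requests is counted once.

```python
# Added illustration, not pf source code. Assumed model: a per-source counter
# that decays linearly with elapsed time and grows by one unit per connection.
SCALE = 1000  # fixed-point scale so integer maths keeps fractions (assumption)


class ConnRate:
    """Approximate 'limit/seconds' tracking for a single source address."""

    def __init__(self, limit, seconds):
        self.limit = limit * SCALE
        self.seconds = seconds
        self.count = 0
        self.last = 0

    def new_connection(self, now):
        """Record one new connection at whole second `now`.

        Returns True while the source is within the limit, False once over it.
        """
        elapsed = now - self.last
        if elapsed >= self.seconds:
            self.count = 0  # a whole window has passed, start again
        else:
            self.count -= self.count * elapsed // self.seconds
        self.count += SCALE
        self.last = now
        return self.count <= self.limit


def simulate(limit, seconds, connection_times):
    """Return one within-limit flag per new connection from one source."""
    tracker = ConnRate(limit, seconds)
    return [tracker.new_connection(t) for t in connection_times]


# Constructed test traffic: whole-second timestamps of new TCP connections.
BURST = [0, 0, 0, 0, 0, 1, 1, 1, 1, 1]  # 10 separate connections in 2 seconds
KEEPALIVE = [0]                          # 10 HTTP requests reusing 1 connection
PACED = [0, 2, 4, 6]                     # 1 new connection every 2 seconds

if __name__ == "__main__":
    for name, times in (("burst", BURST), ("keep-alive", KEEPALIVE),
                        ("paced", PACED)):
        print(name, "1/2 ->", simulate(1, 2, times))
    print("burst 100/10 ->", simulate(100, 10, BURST))
```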