PF - connection limit per ip
Hello guys,
I'm reading about connection restriction per source IP.
Code:
stossh = "(max 100, source-track rule, max-src-conn 10, max-src-conn-rate 5/200, overload <bruteforce> flush global)"
And using it for:
Code:
pass in on $ext_if proto tcp from any to any port { 22 } keep state $stossh
Can I do something like the example above?
Code:
stovoice = "(max 100, source-track rule, max-src-conn 10, max-src-conn-rate 5/200, overload <bruteforce> flush global)"
Code:
pass in on $ext_if proto udp from any to any port { 64738 } keep state $stovoice
Thank you.
Quote:
You can set restrictions with one line for two protocols (tcp and udp) at the same time, and the S/SA keep state flags are automatically set for tcp proto, and keep state is used by udp.
Code:
table <bruteforce> persist
restrict="(max 100, source-track rule, max-src-conn 10, max-src-conn-rate 5/200, overload <bruteforce> flush global)"
pass in on $ext_if proto { tcp udp } from any to ($ext_if) port { domain } flags S/SA keep state $restrict
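A fuller ruleset built from the options discussed in this thread, as an added example that is not part of either post. The interface name `em0` and the macro names `tcp_limit` and `udp_limit` are assumptions. Per pf.conf(5), `max-src-conn` and `max-src-conn-rate` count TCP connections that have completed the three-way handshake, and `overload` acts on those two limits, so the UDP rule here uses `max-src-states` to cap per-source state entries instead.

```pf
# Added example, not from the thread. Adjust names and numbers to your host.
ext_if = "em0"                      # assumed external interface

# Offenders land here. Nothing is blocked until a rule references the table.
table <bruteforce> persist

# TCP (ssh): per-source limits on fully established connections.
#   max-src-conn 10          at most 10 concurrent connections per source
#   max-src-conn-rate 5/200  at most 5 new connections per 200 seconds
#   overload ... flush global  add the source to <bruteforce> and kill
#                              every state it holds, on any rule
tcp_limit = "(max 100, source-track rule, max-src-conn 10, max-src-conn-rate 5/200, overload <bruteforce> flush global)"

# UDP (voice, port 64738): no handshake exists, so limit the number of
# state entries one source may create. Sources are not added to a table.
udp_limit = "(max 100, source-track rule, max-src-states 10)"

# Drop anything from an address that tripped the TCP limits. "quick"
# stops evaluation so the pass rules below cannot re-admit it.
block in quick on $ext_if from <bruteforce>

pass in on $ext_if proto tcp from any to ($ext_if) port 22 \
    flags S/SA keep state $tcp_limit
pass in on $ext_if proto udp from any to ($ext_if) port 64738 \
    keep state $udp_limit

# Table entries do not age out on their own. To remove addresses that
# have been listed for more than a day, run periodically (e.g. from cron):
#   pfctl -t bruteforce -T expire 86400
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, and inspect the table with `pfctl -t bruteforce -T show`.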