Limit on the number of connections per user / IP
Jiri Mikulas
konfer at mikulas.com
Wed Mar 14 23:31:13 CET 2007
Hi,
if you have FBSD 6.x you can use
A separate set of restrictions can be placed on stateful TCP connections that have completed the 3-way handshake.
max-src-conn number
Limit the maximum number of simultaneous TCP connections which have completed the 3-way handshake that a single host can make.
max-src-conn-rate number / interval
Limit the rate of new connections to a certain amount per time interval.
http://www.openbsd.org/faq/pf/filter.html#stateopts
or see man pf.conf
and search for max-src-conn
for the given IP you create a pass rule with the appropriate limit
if the number of connections exceeds the limit, it should drop the rest
guli
Bc. Radek Krejca wrote:
> Greetings,
>
> I need to limit the number of connections per "user" that I let
> through the router. It is a FreeBSD server with PF, which among other
> things handles NAT. I need to eliminate users who are, for example,
> infected with viruses, or who have various p2p gadgets and can
> generate as many as 30 thousand connections on the NAT. Is there
> something for this in pf, or is it some sysctl value? I know how to
> limit the number of "states" in pf for pf as a whole, but how do I
> limit it generally for each user / IP?
>
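
An added example, not part of the original message: a pf.conf fragment that applies the state options quoted above on the LAN side of a NAT router, where pf still sees each client's own address. The interface name, network, macro names and all limit values are constructed assumptions; the UDP rule goes beyond the reply and uses max-src-states from the same stateopts section, because max-src-conn counts only TCP connections that completed the 3-way handshake.

```conf
# --- macros (constructed values, adjust to the real network) ---
int_if  = "em1"               # assumption: LAN-facing interface
lan_net = "192.168.1.0/24"    # assumption: NATed client network

# --- filter rules ---
# Filtering inbound on the LAN interface means the source address is
# still the client's private IP, so the limits apply per client and
# not to the router's shared NAT address.

# TCP: at most 200 established connections per source IP, and at most
# 50 new connections per 10 seconds. Connections over the limit are
# not given a state and are dropped.
pass in on $int_if proto tcp from $lan_net to any flags S/SA \
    keep state (max-src-conn 200, max-src-conn-rate 50/10)

# UDP has no handshake, so max-src-conn does not apply. max-src-states
# caps the number of state entries one source IP can hold on this rule.
pass in on $int_if proto udp from $lan_net to any \
    keep state (source-track rule, max-src-states 300)

# Check the syntax before loading:   pfctl -nf /etc/pf.conf
# Show per-source tracking entries:  pfctl -s Sources
```

The fragment only covers traffic entering on the LAN interface; the existing nat rule and the outbound pass rules of the ruleset stay as they are.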