PF ve FBSD blokovani na zaklade pocitani
Radek Krejča
radek.krejca at starnet.cz
Wed May 14 20:26:33 CEST 2014
Ahoj,
to asi uniklo mne, diky moc, zkusim, zda je to ono.
R
> mozno mi nieco unika ale nie je nahodou
>
> http://www.openbsd.org/faq/pf/filter.html#udpstate
>
> to co potrebujes? Example priklad specificky spomina rate limit pre udp
> spojenia
>
> An example:
>
> table <abusive_hosts> persist
> block in quick from <abusive_hosts>
>
> pass in on $ext_if proto tcp to $web_server \
> port www flags S/SA keep state \
> (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_hosts>
> flush)
>
> This does the following:
>
> Limits the maximum number of connections per source to 100 Rate limits
> the number of connections to 15 in a 5 second span Puts the IP address
> of any host that breaks these limits into the <abusive_hosts> table For
> any offending IP addresses, flush any states created by this rule.
>
> Milos
More information about the Users-l
mailing list