PF in FBSD blocking based on counting

Radek Krejča radek.krejca at starnet.cz
Wed May 14 20:26:33 CEST 2014


Hi,
I probably missed that myself, thanks a lot, I'll try it and see whether that's it.

R 

> maybe I'm missing something, but isn't
> 
> http://www.openbsd.org/faq/pf/filter.html#udpstate
> 
> what you need? The example specifically mentions a rate limit for udp
> connections
> 
> An example:
> 
> table <abusive_hosts> persist
> block in quick from <abusive_hosts>
> 
> pass in on $ext_if proto tcp to $web_server \
>     port www flags S/SA keep state \
>     (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_hosts> flush)
> 
> This does the following:
> 
> - Limits the maximum number of connections per source to 100
> - Rate limits the number of connections to 15 in a 5 second span
> - Puts the IP address of any host that breaks these limits into the
>   <abusive_hosts> table
> - For any offending IP addresses, flush any states created by this rule.
> 
> Milos
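
To judge whether limits like the quoted 100 connections and 15/5 would catch legitimate clients before the rule is loaded, connection timestamps can be replayed through a model of it. This is an added example, not code from the thread or the PF FAQ; the sliding-window counting is a simplified assumption rather than PF's internal accounting, and the `replay` function, event format and sample addresses are constructed for illustration.

```python
from collections import defaultdict, deque

def replay(events, max_src_conn=100, rate=(15, 5)):
    """Replay (time_s, src_ip, 'open'|'close') events, sorted by time.

    Simplified sliding-window model (an assumption, not PF's internal
    accounting). Returns (overload_table, verdicts).
    """
    limit, window = rate
    recent = defaultdict(deque)    # src -> times of new connections in window
    open_conns = defaultdict(int)  # src -> currently established connections
    table = {}                     # models <abusive_hosts>: src -> (time, reason)
    verdicts = []
    for ts, src, kind in events:
        if kind == "close":
            open_conns[src] = max(0, open_conns[src] - 1)
            continue
        if src in table:           # "block in quick from <abusive_hosts>"
            verdicts.append((ts, src, "block"))
            continue
        q = recent[src]
        while q and ts - q[0] >= window:
            q.popleft()            # forget connections older than the window
        q.append(ts)
        open_conns[src] += 1
        if len(q) > limit:
            reason = "max-src-conn-rate"
        elif open_conns[src] > max_src_conn:
            reason = "max-src-conn"
        else:
            verdicts.append((ts, src, "pass"))
            continue
        table[src] = (ts, reason)  # overload <abusive_hosts>
        open_conns[src] = 0        # flush: drop the states this rule created
        q.clear()
        verdicts.append((ts, src, "overload"))
    return table, verdicts

# Constructed sample traffic (documentation addresses, not real hosts).
SAMPLE_EVENTS = sorted(
    [(i / 10, "198.51.100.7", "open") for i in range(20)]     # 10 conn/s burst
    + [(float(i), "203.0.113.5", "open") for i in range(30)]  # 1 conn/s
    + [(i / 2, "192.0.2.9", "open") for i in range(120)]      # 2 conn/s, never closes
)

if __name__ == "__main__":
    for src, (ts, reason) in replay(SAMPLE_EVENTS)[0].items():
        print(f"{src} added to <abusive_hosts> at t={ts}s ({reason})")
```

In the constructed sample, the burst source trips the rate limit on its 16th connection, the source that never closes trips the connection cap on its 101st, and the 1 connection per second client is never touched.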


