Support for max-src-conn, max-src-conn-rate, overload

Jason Jason at WinSE.ath.cx
Mon Aug 22 03:12:46 GMT 2005


I have noticed that these features of PF are supported in OpenBSD's pf, but
not FreeBSD's pf.  Is there any patch to add them, or plan to add support
for them in the future?  Have I done something wrong?  Thanks.


max-src-conn number
max-src-conn-rate number / interval
overload <table>
flush [global]

Example of usage from the OpenBSD PF manual:

    table <abusive_hosts> persist
    block in quick from <abusive_hosts>

    pass in on $ext_if proto tcp to $web_server \
        port www flags S/SA keep state \
        (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_hosts> flush)


