prompt solution with max-src-conn-rate
Kian Mohageri
kian.mohageri at gmail.com
Mon May 15 05:26:16 UTC 2006
On 5/14/06, GreenX FreeBSD <freebsd at azimut-tour.ru> wrote:
>
> They work, but there are some things not arranging me:
> - If to change port http for any other empty port (on http post, I have
> working apache) source IP does not get in the table though state it is
> created.
I would assume this is because those stateful tracking options you're
using can only be used on connections that have completed the three-way
handshake--you're probably trying to use this on a port where nothing is
listening.
http://www.openbsd.org/faq/pf/filter.html#stateopts
I'd advise against what you're trying to do. It won't make your box more
secure.
Kian
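
Added example, not part of the original message or the poster's actual ruleset: a pf.conf fragment showing the behaviour described in the reply. The interface macro, table name, port 8081 and the 15/5 limit are assumptions chosen for illustration.

```conf
# Constructed example; ext_if, <abusers>, port 8081 and 15/5 are assumptions.
ext_if = "em0"
table <abusers> persist

# Sources that exceeded the rate limit are dropped early.
block in quick on $ext_if from <abusers>

# Port 80 has a listener (Apache). The three-way handshake completes,
# so every connection counts toward max-src-conn-rate, and a source
# exceeding 15 connections in 5 seconds is added to <abusers>.
pass in on $ext_if proto tcp from any to any port 80 \
    flags S/SA keep state \
    (max-src-conn-rate 15/5, overload <abusers> flush global)

# Port 8081 has no listener. The initial SYN matches the rule and a
# state entry is created, but nothing accepts the connection, so the
# handshake never completes. max-src-conn-rate only counts established
# connections, so the source is never counted and <abusers> stays empty.
pass in on $ext_if proto tcp from any to any port 8081 \
    flags S/SA keep state \
    (max-src-conn-rate 15/5, overload <abusers> flush global)
```

`pfctl -t abusers -T show` lists the table contents and `pfctl -s state` lists the state entries, which makes the difference between the two ports visible.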