Blocking udp flood trafiic using pf, hints welcome
Eric Williams
purpleshadow100 at gmail.com
Sun Nov 9 13:30:01 PST 2008
David DeSimone wrote:
> You may want to consider adding "keep state" to your "block log" rules.
> If you keep state on the blocked packets, only the first packet that is
> blocked will get logged; the others will be blocked statefully without
> consulting the rulebase, which may save some processing time.
>
> Note that "keep state" is only implicit on "pass" rules, you must add it
> on "block" rules
Doesn't seem to work, it just gives "keep state on block rules doesn't
make sense" as an error.
More information about the freebsd-pf
mailing list