can pf block a string ? or better, to limit it ?

Vlad Galu dudu at dudu.ro
Wed Jun 23 22:29:33 UTC 2010


http://www.inmon.com/support/sentinel_release.php

On Wed, Jun 23, 2010 at 8:30 PM, claudiu vasadi
<claudiu.vasadi at gmail.com> wrote:
> Hello fellas,
>
>
> system: freebsd 8.0 with pf
>
>
> A couple of years ago I wanted to limit a string with pf and I could not
> find a way to do it.
>
> Back in the day, I was running a dc++ software on FreeBSD and the most
> common way of flood was this "string attack". The idea was simple: more than
> "x" number of packages containing this "string" = dc++ software stuck. I
> remember a friend of mine was able to limit the number per second to
> something but I was unable to do the same in pf. Back then I was using
> FreeBSD 6.2 but I can't find a way to do it even now.
>
>
> Can someone shed some light? Were you trying something similar?

Hi Claudiu,
See the "STATEFUL TRACKING OPTIONS" chapter of pf.conf(5),
particularly the "source-track", "max-src-nodes", "max-src-states",
"max-src-conn" and "max-src-conn-rate" keywords.


-- 
Good, fast & cheap. Pick any two.
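
Added example, not part of the original thread: a pf.conf fragment that uses the stateful tracking keywords named in the reply. These options limit states and TCP connections per source address; they do not match packet contents. The interface name, port 411, the table name and all limits are assumptions to be tuned for the service.

```pf
# Constructed example: em0, port 411 and every limit below are assumptions.
ext_if  = "em0"
dc_port = "411"

# Sources that exceed the connection limits are added here by "overload".
table <flooders> persist

# Drop everything from sources already caught flooding.
block in quick on $ext_if from <flooders>

# Per-source limits on the protected service:
#   source-track rule      count limits per source for this rule only
#   max-src-nodes 1000     at most 1000 distinct sources tracked at once
#   max-src-states 20      at most 20 state entries per source
#   max-src-conn 10        at most 10 established TCP connections per source
#   max-src-conn-rate 15/5 at most 15 new connections per 5 seconds per source
#   overload ... flush global
#                          add the offender to <flooders> and kill all of its
#                          existing states, not only those from this rule
pass in on $ext_if proto tcp from any to ($ext_if) port $dc_port \
    flags S/SA keep state \
    (source-track rule, max-src-nodes 1000, max-src-states 20, \
     max-src-conn 10, max-src-conn-rate 15/5, \
     overload <flooders> flush global)

# Inspect the table after loading the ruleset:
#   pfctl -t flooders -T show
```

max-src-conn and max-src-conn-rate only count TCP connections that have completed the three-way handshake, so they do not apply to UDP traffic or to spoofed SYN packets.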

