rate limit with pf instead of IPFW
John Smith
almarrie at gmail.com
Thu Nov 23 18:47:29 UTC 2006
Greetings BPF gurus!
I have this rule in IPFW
01000 allow tcp from any to me setup limit src-addr 5
This rule as you know doesn't allow more than 5 connections per ip to
connect to my server in same time.
The problem with the IPFW, it doesn't allow me to set it with seconds,
so what I need to do is to prevent an IP to connect to my server IP in
same time in less than 3 secs.
I'm new to bpf and I don't know how to create such rule.
The man doesn't have enuf information with real example :(
So could someone give me an example with bpf does the same job as IPFW
plus using rate limit by secs?
I know this rule
"limit {src-addr | src-port | dst-addr | dst-port}"
But I need to set it globaly for all world IPs.
Could someone please give me full example to setup
limit {src-addr | src-port | dst-addr | dst-port} to do what IPFW
01000 allow tcp from any to me setup limit src-addr 5 currently does
I remain thanking you!
-J
More information about the freebsd-pf
mailing list