Flush ICMP and UDP flooders

Abdullah Ibn Hamad Al-Marri almarrie at gmail.com
Thu Jun 28 10:28:27 UTC 2007


Hello,

I would like to block ICMP and UDP flooders who exceed a reasonable number.

#- Rate Limit UDP (150 per host)
pass proto udp to any port $udp_services keep state
pass in quick proto udp from any to any \
  keep state \
  (max-src-conn 1,max-src-states 151, \
        overload <DDoS> flush global)

#- Rate Limit ICMP (10 per host)
pass in quick proto icmp from any to any \
 keep state \
 (max-src-conn 1,max-src-states 11, \
        overload <DDoS> flush global)

Comments?

-- 
Regards,

-Abdullah Ibn Hamad Al-Marri
Arab Portal
http://www.WeArab.Net/
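
Added example, not part of the original post: pf.conf(5) defines max-src-conn and max-src-conn-rate as limits on TCP connections that have completed the 3-way handshake, and overload (with flush) acts only when one of those limits is hit, so on the UDP and ICMP rules above only max-src-states takes effect. The Python check below flags those options on pass rules that exclude TCP, run against the rules from the post. The function names and the TCP_ONLY list are hypothetical helpers written for this example.

```python
import re

# Per pf.conf(5): these act only on TCP connections that completed the handshake.
TCP_ONLY = ("max-src-conn-rate", "max-src-conn", "overload", "flush")

# The rules from the post, embedded so the check runs offline.
RULES_FROM_POST = r"""
#- Rate Limit UDP (150 per host)
pass proto udp to any port $udp_services keep state
pass in quick proto udp from any to any \
  keep state \
  (max-src-conn 1,max-src-states 151, \
        overload <DDoS> flush global)
#- Rate Limit ICMP (10 per host)
pass in quick proto icmp from any to any \
 keep state \
 (max-src-conn 1,max-src-states 11, \
        overload <DDoS> flush global)
"""

def logical_rules(text):
    """Drop comments and join backslash-continued lines into single rules."""
    rules, buf = [], ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        buf += line.rstrip("\\") + " "
        if not line.endswith("\\"):
            if buf.strip():
                rules.append(" ".join(buf.split()))
            buf = ""
    return rules

def lint(text):
    """Return (rule, ineffective_options) for pass rules that exclude TCP."""
    findings = []
    for rule in logical_rules(text):
        opts = re.search(r"\bstate\s*\(([^)]*)\)", rule)
        m = re.search(r"\bproto\s+(\{[^}]*\}|\S+)", rule)
        protos = set(re.findall(r"[\w-]+", m.group(1))) if m else set()
        if not (rule.startswith("pass") and opts and protos) or "tcp" in protos:
            continue
        used = [o for o in TCP_ONLY
                if re.search(r"(?<![\w-])" + o + r"(?![\w-])", opts.group(1))]
        if used:
            findings.append((rule, used))
    return findings

if __name__ == "__main__":
    for rule, used in lint(RULES_FROM_POST):
        print("no effect on non-TCP rule:", ", ".join(used), "->", rule)
```

UDP and ICMP source addresses can be spoofed, which is why pf ties automatic table insertion to completed TCP handshakes; a per-source state cap (max-src-states) is the limit that applies to these protocols.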


More information about the freebsd-pf mailing list