Date:      Mon, 22 Sep 2008 13:59:08 +0200
From:      "Redd Vinylene" <reddvinylene@gmail.com>
To:        "Lars Noodén" <larsnooden@openoffice.org>,  questions@freebsd.org, misc@openbsd.org
Subject:   Re: pf to block against DDoS?
Message-ID:  <f1019d520809220459r282c2efeoe420dc2097f2f28e@mail.gmail.com>
In-Reply-To: <48D7590A.9070404@openoffice.org>
References:  <f1019d520809212154p328253c6kbfdd643e5bb5c146@mail.gmail.com> <48D7590A.9070404@openoffice.org>

On Mon, Sep 22, 2008 at 10:36 AM, Lars Noodén <larsnooden@openoffice.org> wrote:

> Redd Vinylene wrote:
> >> ...
> >> You can also use two tables so that the first overload gets shunted to a
> >> slow queue and given a second chance before ending up in the second
> >> table which gets blocked.
> > ...
> > Lars Noodin: Would you happen to have an example of that?
>
> Not really, here is an illustration of how it might be approached:
>
>  http://www-personal.umich.edu/~lars/PF/pf.ssh-2tables.conf
>
> I expect that the last-rule-matched takes care of the decision.  The
> However, there might be some divergence between what I think it does and
> what it really does.
>
> Another question is, in which cases is that useful?
>
> Regards
> -Lars
>

This has been a very interesting example, Lars. Thanks a lot for sharing!

As for your last question though, I think I know what you mean. It is to
say, should a rapist really be given a second chance?

-- 
http://www.home.no/reddvinylene
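
The two-table approach discussed in this message, as an added pf.conf sketch; it is not part of the original e-mail and is not the contents of the linked pf.ssh-2tables.conf. It assumes ALTQ-style queue syntax (FreeBSD, and OpenBSD releases of that era); the interface name, table and queue names, bandwidth figures and rate limits are all illustrative assumptions.

```pf
# Added example: two-stage overload handling for SSH with pf.
# All names and numbers below are assumptions chosen for illustration.

ext_if = "em0"                      # assumed external interface

table <ssh_slow>  persist           # stage 1: sources that tripped the first limit
table <ssh_block> persist           # stage 2: sources that tripped it again

# ALTQ: a default queue plus a deliberately narrow one for stage-1 sources.
altq on $ext_if cbq bandwidth 10Mb queue { q_std, q_slow }
queue q_std  bandwidth 95% cbq(default)
queue q_slow bandwidth 5%  cbq

# Stage 2 is dropped outright. "quick" stops evaluation here, so the
# pass rules further down can never re-admit a blocked source.
block in quick on $ext_if from <ssh_block>

# Normal clients: more than 5 completed connections in 30 seconds moves
# the source address into <ssh_slow>. Existing states are left alone.
pass in on $ext_if proto tcp from any to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 5/30, overload <ssh_slow>)

# Second chance: for a source already in <ssh_slow> this rule also matches,
# and because pf uses the last matching rule it is the one that creates the
# state. The connection is still allowed, but in the slow queue and under a
# tighter limit. A further overload lands the source in <ssh_block> and
# "flush global" kills every state it has open.
pass in on $ext_if proto tcp from <ssh_slow> to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn-rate 2/60, overload <ssh_block> flush global) \
    queue q_slow

# Table entries do not age out on their own. Run periodically (e.g. cron):
#   pfctl -t ssh_slow  -T expire 3600
#   pfctl -t ssh_block -T expire 86400
```

Check the file with `pfctl -nf` before loading it, and watch both stages with `pfctl -t ssh_slow -T show` and `pfctl -t ssh_block -T show`.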


