Date: Sun, 14 May 2006 22:26:13 -0700
From: "Kian Mohageri" <kian.mohageri@gmail.com>
To: "GreenX FreeBSD" <freebsd@azimut-tour.ru>
Cc: freebsd-pf@freebsd.org
Subject: Re: promt solution with max-src-conn-rate
Message-ID: <fee88ee40605142226i6b1e07c4h9625117e5d5e3bbe@mail.gmail.com>
In-Reply-To: <44680266.2090007@azimut-tour.ru>
References: <44680266.2090007@azimut-tour.ru>
On 5/14/06, GreenX FreeBSD <freebsd@azimut-tour.ru> wrote:
>
> They work, but there are some things not arranging me:
> - If to change port http for any other empty port (on http post, I have
> working apache) source IP does not get in the table though state it is
> created.

I would assume this is because those stateful tracking options you're
using can only be used on connections that have completed the three-way
handshake--you're probably trying to use this on a port where nothing is
listening.

http://www.openbsd.org/faq/pf/filter.html#stateopts

I'd advise against what you're trying to do. It won't make your box more
secure.

Kian
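
A pf.conf fragment illustrating the behaviour described in the reply above. This is an added example, not part of the original message and not the original poster's ruleset. The interface name, the table name and the limit values are assumptions chosen for illustration.

```conf
# Assumed external interface (hypothetical; adjust to the host).
ext_if = "em0"

# Assumed table name. Hosts that exceed the limits below are added here.
table <abusers> persist

# Drop everything from hosts already in the overload table.
block in quick on $ext_if from <abusers>

# The source-tracking limits are counted per source address, and only for
# TCP connections that have completed the three-way handshake:
#   max-src-conn 100       at most 100 simultaneous established connections
#   max-src-conn-rate 15/5 at most 15 new established connections per 5 s
#   overload <abusers>     add the offending source to the table
#   flush global           kill all states that source has created
pass in on $ext_if proto tcp from any to ($ext_if) port www \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <abusers> flush global)

# Why an "empty" port behaves differently, per the reply's assumption:
# if "port www" above is changed to a port with no listener, the first
# SYN still matches the rule and a state entry is created, but the host
# answers with RST and the handshake never completes. The connection is
# therefore never counted against max-src-conn or max-src-conn-rate, the
# overload action never fires, and the source never appears in <abusers>.
#
# Checks an administrator can run after loading the ruleset:
#   pfctl -nf /etc/pf.conf        parse the file without loading it
#   pfctl -t abusers -T show      list addresses currently in the table
#   pfctl -ss                     list current state entries
```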