Date: Thu, 16 Jul 2009 09:04:31 +0100 From: Greg Hennessy <Greg.Hennessy@nviz.net> To: Torsten Kersandt <torsten@cnc-london.net> Cc: "freebsd-pf@freebsd.org" <freebsd-pf@freebsd.org> Subject: RE: question about max-src-conn and max-src-conn-rate Message-ID: <6CE8D2A5CE118747811E51143A68BA0A72F4C625B5@PEMEXMBXVS01.jellyfishnet.co.uk.local> In-Reply-To: <015901ca05bf$bf85cd70$3e916850$@net> References: <COL106-W36D87D1E308A510FBE56078C230@phx.gbl> <139b44430907150618y32473898i3a245c627c7091f2@mail.gmail.com> <COL106-DS5EE679C5F6E5593B2AAC48C210@phx.gbl>, <015901ca05bf$bf85cd70$3e916850$@net>
next in thread | previous in thread | raw e-mail | index | archive | help
That converts the operation of PF into a PIX. :-) I would tend to caveat the advice below with liberal use of tag and 'tagged= '=20 Greg ________________________________________ From: owner-freebsd-pf@freebsd.org [owner-freebsd-pf@freebsd.org] On Behalf= Of Torsten Kersandt [torsten@cnc-london.net] Sent: 16 July 2009 03:47 Cc: freebsd-pf@freebsd.org Subject: RE: question about max-src-conn and max-src-conn-rate HI I know that many people disagree with this but I would not block any outgoing requests front the gateway in the first place: As in: pass out quick keep state regards Torsten=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6CE8D2A5CE118747811E51143A68BA0A72F4C625B5>