From owner-freebsd-questions@FreeBSD.ORG Sun Oct 5 17:53:27 2008
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 05101106569B for ; Sun, 5 Oct 2008 17:53:27 +0000 (UTC) (envelope-from bennett@cs.niu.edu)
Received: from mp.cs.niu.edu (mp.cs.niu.edu [131.156.145.41]) by mx1.freebsd.org (Postfix) with ESMTP id 805308FC25 for ; Sun, 5 Oct 2008 17:53:26 +0000 (UTC) (envelope-from bennett@cs.niu.edu)
Received: from mp.cs.niu.edu (bennett@localhost [127.0.0.1]) by mp.cs.niu.edu (8.14.3/8.14.3) with ESMTP id m95Hr36c014873 for ; Sun, 5 Oct 2008 12:53:03 -0500 (CDT)
Date: Sun, 5 Oct 2008 12:53:03 -0500 (CDT)
From: Scott Bennett
Message-Id: <200810051753.m95Hr3N5014872@mp.cs.niu.edu>
To: freebsd-questions@freebsd.org
Subject: pf vs. RST attack question
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sun, 05 Oct 2008 17:53:27 -0000

I'm getting a lot of messages like this:

    Oct 4 14:30:00 hellas kernel: Limiting closed port RST response from 250 to 200 packets/sec

Is there some rule I can insert into /etc/pf.conf to reject these apparently invalid RST packets before they can bother TCP? At the same time, I do not want to reject legitimate RST packets.

Thanks in advance for any clues!

Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
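The following pf.conf fragment is an added example, not part of Scott's post or of any reply on the list. The kernel line quoted above is logged by FreeBSD when it rate-limits the RST segments the host itself sends back to packets that arrive at closed TCP ports, so the practical pf mitigation is to drop unsolicited inbound traffic silently before the stack answers it, while stateful rules still let RSTs that belong to a tracked connection through. The interface name em0, the service list and the use of a single external interface are assumptions for the example.

```pf
# Added example pf.conf (not from the original post or the FreeBSD project).
# Interface name and service list are placeholders; adjust to the host.
ext_if = "em0"
tcp_services = "{ ssh, www }"

# Skip filtering on loopback entirely.
set skip on lo0

# Silently drop blocked packets instead of answering with RST/ICMP, so a probe
# of a closed port never reaches the part of the stack that generates RSTs
# (and therefore never trips the closed-port RST rate limiter).
set block-policy drop

# Normalise inbound packets and reassemble fragments before filtering.
scrub in on $ext_if all

# Default deny inbound; allow outbound and track the resulting connections.
block in log on $ext_if all
pass out on $ext_if all keep state

# Only accept new TCP connections on the services actually offered, and only
# when the packet is a bare SYN (flags S/SA), so stray RSTs, ACKs and the
# like cannot create state.
pass in on $ext_if proto tcp to ($ext_if) port $tcp_services flags S/SA keep state

# Note on legitimate RSTs: because every allowed connection has a state
# entry, an RST that belongs to an established connection matches that state
# and is passed, tearing the connection down as intended. An RST that matches
# no state falls through to the default block rule and is dropped silently.
```

Load it with `pfctl -nf /etc/pf.conf` first to syntax-check, then `pfctl -f /etc/pf.conf`. The rate limit itself, and the log line it produces, are controlled outside pf by the `net.inet.icmp.icmplim` sysctl (the 200 packets/sec in the message is its default) and `net.inet.icmp.icmplim_output`, which toggles the logging; raising the limit only changes how many RSTs the host is willing to send, whereas the drop policy above stops them being generated for blocked traffic in the first place.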