From owner-freebsd-pf@FreeBSD.ORG Wed Jun 23 19:30:44 2010
From: claudiu vasadi
To: no name
Cc: freebsd-pf@freebsd.org
Date: Wed, 23 Jun 2010 21:30:39 +0200
In-Reply-To: <7114830758496124649@unknownmsgid>
Subject: Re: can pf block a string ? or better, to limit it ?
On Wed, Jun 23, 2010 at 9:18 PM, no name wrote:
> i can't recall it, was dc tcp or udp based?

"dc" ????

The number of possible connections in a specific time frame does not help if I have ~200-500 authentication requests/sec and I get 100-300 attacks (D/DOS) per sec. I thought about that one long ago, and no matter which way I turn the problem, I always end up at the "impossible to filter strings" wall.

I know iptables can do it, but a couple of months ago when I was asked to configure a Linux box I went completely mad trying to learn iptables' syntax (god it's ugly). This is why I would prefer to avoid Linux here. Plus, I've been dealing with pf way longer than with iptables and Linux for that matter (it was ~6 years ago when I last worked with Linux).
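The "number of possible connections in a specific time frame" the reply refers to is pf's per-source state tracking (max-src-conn-rate with an overload table). The pf.conf fragment below is an added illustration of that mechanism, not code from the thread; the interface name, the service port and the limit values are assumed placeholders.

```pf
# Added example, not from the thread: per-source connection-rate limiting
# with an overload table. Interface, port and limits are placeholders.
ext_if    = "em0"    # assumed external interface
auth_port = "4443"   # placeholder port of the authentication service

# Sources that exceed the limits below are added here; entries survive
# rule reloads and must be aged out explicitly (see note after the block).
table <bruteforce> persist

# Drop everything from sources already marked as offenders.
block in quick on $ext_if from <bruteforce> to any

# Allow the service, but track every source address:
#   max-src-conn 50         at most 50 concurrent connections per source
#   max-src-conn-rate 20/10 at most 20 new connections per 10 s per source
#   overload <bruteforce>   sources breaking either limit go into the table
#   flush global            and all of their existing states are killed
pass in on $ext_if proto tcp from any to ($ext_if) port $auth_port \
    flags S/SA keep state \
    (max-src-conn 50, max-src-conn-rate 20/10, \
     overload <bruteforce> flush global)

# Caveat, matching the point made in the reply: these counters are keyed
# by source address and count TCP connection attempts only. pf does not
# inspect the payload, so a bad request and a good one from the same
# address are indistinguishable here, and an attack spread over many
# sources that each stay under the per-source limits is not caught.
```

Entries in a persistent table are never removed by pf itself; a periodic `pfctl -t bruteforce -T expire 3600` (for example from cron) drops entries older than an hour so a source that was blocked is eventually allowed back.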