Date: Thu, 24 Jun 2010 00:29:09 +0200 From: Vlad Galu <dudu@dudu.ro> To: claudiu vasadi <claudiu.vasadi@gmail.com> Cc: freebsd-pf@freebsd.org Subject: Re: can pf block a string ? or better, to limit it ? Message-ID: <AANLkTim8styY2EUsEy8YYm-wF_QCNbQyYymzhie8SJqD@mail.gmail.com> In-Reply-To: <AANLkTima26GreX5jtmdJiR2FbNiB5O4ixN92oqxktTmb@mail.gmail.com> References: <AANLkTima26GreX5jtmdJiR2FbNiB5O4ixN92oqxktTmb@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
http://www.inmon.com/support/sentinel_release.php On Wed, Jun 23, 2010 at 8:30 PM, claudiu vasadi <claudiu.vasadi@gmail.com> wrote: > Hello fellas, > > > system: freebsd 8.0 with pf > > > A couple of years ago I wanted to limit a string with pf and I could not > find a way to do it. > > Back in the day, I was running a dc++ software on FreeBSD and the most > common way of flood was this "string attack". The idea was simple: more than > "x" number of packages containing this "string" = dc++ software stuck. I > remember a friend of mine was able to limit the number per second to > something but I was unable to do the same in pf. Back then I was using > FreeBSD6.2 but I can't find a way to do it even now. > > > Can someone shed some light ? Were you trying something similar ? > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > Hi Claudiu, See the "STATEFUL TRACKING OPTIONS" chapter of pf.conf(5), particularly the "source-track", "max-src-nodes", "max-src-states", "max-src-conn" and "max-src-conn-rate" keywords. -- Good, fast & cheap. Pick any two.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?AANLkTim8styY2EUsEy8YYm-wF_QCNbQyYymzhie8SJqD>