Date: Sun, 5 Oct 2008 12:53:03 -0500 (CDT) From: Scott Bennett <bennett@cs.niu.edu> To: freebsd-questions@freebsd.org Subject: pf vs. RST attack question Message-ID: <200810051753.m95Hr3N5014872@mp.cs.niu.edu>
next in thread | raw e-mail | index | archive | help
I'm getting a lot of messages like this: Oct 4 14:30:00 hellas kernel: Limiting closed port RST response from 250 to 200 packets/sec Is there some rule I can insert into /etc/pf.conf to reject these apparently invalid RST packets before they can bother TCP? At the same time, I do not want to reject legitimate RST packets. Thanks in advance for any clues! Scott Bennett, Comm. ASMELG, CFIAG ********************************************************************** * Internet: bennett at cs.niu.edu * *--------------------------------------------------------------------* * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * * -- Gov. John Hancock, New York Journal, 28 January 1790 * **********************************************************************
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200810051753.m95Hr3N5014872>