Date: Thu, 28 Jun 2007 13:28:26 +0300
From: "Abdullah Ibn Hamad Al-Marri" <almarrie@gmail.com>
To: "FreeBSD PF Pro List" <freebsd-pf@freebsd.org>
Subject: Flush ICMP and UDP flooders
Message-ID: <499c70c0706280328m497a613dg552901c7c9875ed2@mail.gmail.com>

Hello,
I would like to block ICMP and UDP flooders who exceed a reasonable number.

#- Rate Limit UDP (150 per host)
pass proto udp to any port $udp_services keep state
pass in quick proto udp from any to any \
        keep state \
        (max-src-conn 1, max-src-states 151, \
        overload <DDoS> flush global)

#- Rate Limit ICMP (10 per host)
pass in quick proto icmp from any to any \
        keep state \
        (max-src-conn 1, max-src-states 11, \
        overload <DDoS> flush global)

Comments?
--
Regards,
-Abdullah Ibn Hamad Al-Marri
Arab Portal
http://www.WeArab.Net/
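
An added example (not part of the original message) of the per-source limits the post describes, written with `max-src-states` only: per pf.conf(5), `max-src-conn` and the `overload <table> flush` action count TCP connections that have completed the three-way handshake, so they do not trigger for UDP or ICMP states. The interface name and the contents of `$udp_services` are assumptions.

```pf
# Added example: not part of the original message.
# Assumptions: em0 as the external interface, and the contents of
# $udp_services (the post uses the macro without showing it).
ext_if       = "em0"
udp_services = "{ domain, ntp }"

table <DDoS> persist

# Drop sources already listed in the table. The UDP/ICMP rules below
# cannot fill it themselves; it has to be populated by hand or by a
# TCP rule that uses max-src-conn / max-src-conn-rate with overload.
block in quick on $ext_if from <DDoS>

# Rate limit UDP: at most 150 simultaneous states per source address.
# The limit sits on the service rule itself; there is no catch-all
# "quick" UDP rule ahead of it that would match all inbound UDP first.
pass in on $ext_if proto udp from any to any port $udp_services \
        keep state (source-track rule, max-src-states 150)

# Rate limit ICMP: at most 10 simultaneous states per source address.
pass in on $ext_if inet proto icmp from any to any \
        keep state (source-track rule, max-src-states 10)
```

`pfctl -n -f <file>` parses the ruleset without loading it, and `pfctl -s Sources` lists the per-source tracking entries once it is loaded.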
