I'm getting the following:
pf_src_connlimit: blocking address xx.xx.xx.xx, 7 states killed
Which is a pretty neat feature except I can't find anything on it, and
it's (somewhat) silently doing this.
Can someone point me to where I can read about this? I'd like to know
how it decides to block the IP, how I can change it and at what point
this block times out (which it seems to do).
I've searched the man pages, and tried Google but haven't had any luck.
We've forked out good money for a security audit and a big name saying
we're compliant with whatever guideline they're looking at. They're
getting a little perturbed because their scans aren't coming back
accurately (first scrub and now this). So I need to turn this off at
least temporarily.
Whether or not turning off various forms of security for a security
audit is "valid" has been well discussed on our end already.
Thanks,
Chris