On Wed, Jul 11, 2012 at 4:44 AM, Boutros Halingrad <boutros.haling...@gmail.com> wrote: > Problem is, the only address that get added to the <floodtargets> table is > that of the sending server.
Right, sys/net/pf.c is hardcoded to use only the source address for the overload table. (Search for "overload_tbl" to see the relevant code.) > Any ideas on how to get the attack victims added to the table? I think you'll need to patch pf to support this.