On Mon, 21 Feb 2005 21:46:45 +0100, Daniel Hartmeier <[EMAIL PROTECTED]> wrote:
> pass in on $lan_if proto tcp from $lan_if:network \
>       keep state (max-src-conn-rate 50/30, overload <infected>)
>
> The table <infected> is initially empty. Whenever a box on the LAN tries
> to establish more than 50 new TCP connections within 30 seconds, pf will
> add its address to the table. Further connection attempts from the box
> will then get blocked by the first rule.

Great, another wonderful feature that the $12K BrandName(TM) traffic
shaper box cannot do. I hate that thing.

-- 
Jon Simola
Systems Administrator
ABC Communications
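The arrangement the quoted message describes, written out as a pf.conf fragment. This is an added example, not part of the original thread: the interface name `em0` is a placeholder, and the table declaration and block rule are an assumed form of what the quote calls "the first rule", which the quoted text does not show.

```pf
# Added example, not from the original thread.
lan_if = "em0"                  # assumption: placeholder LAN interface

# Starts empty. 'persist' keeps the table in the kernel even while it
# has no entries and no rule has populated it yet.
table <infected> persist

# Assumed form of the "first rule": drop traffic from any host already
# in the table. 'quick' ends rule evaluation here, so the pass rule
# below can never re-admit a listed host.
block in quick on $lan_if from <infected>

# The rule quoted above: a LAN source that opens more than 50 new TCP
# connections within 30 seconds is added to <infected>.
pass in on $lan_if proto tcp from $lan_if:network \
        keep state (max-src-conn-rate 50/30, overload <infected>)
```

`pfctl -t infected -T show` lists the addresses pf has added. States the host created before it was listed stay in place unless `flush` is appended after the `overload <infected>` option.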