london.net]
Sent: 16 July 2009 03:47
Cc: freebsd-pf@freebsd.org
Subject: RE: question about max-src-conn and max-src-conn-rate
Hi
I know that many people disagree with this but I would not block any
outgoing requests from the gateway in the first place:
As in:
pass out quick keep state
Sent: 16 July 2009 03:36
To: Valentin Bud
Cc: freebsd-pf@freebsd.org
Subject: Re: question about max-src-conn and max-src-conn-rate
Thank you for the reply,
This is the network layout I have:
INTERNET-($ext_if)[firewall/gateway]($int_if)---[webservers on lan]
Does that change must as
a max-src-conn-rate that would identify an attack? All the
online examples are far too strict.
From: Valentin Bud
Sent: Wednesday, July 15, 2009 9:18 AM
To: Tony
Cc: freebsd-pf@freebsd.org
Subject: Re: question about max-src-conn and max-src-conn-rate
On Tue, Jul 14, 2009 at 6:12 PM, Tony wrote:
>
> Below is a packet filter snippet from my config file:
>
>
>
> block drop log quick from
> ...
> pass in quick on $ext_if proto tcp from any to port 80 flags S/SA
> keep state (max-src-conn 80, max-src-conn-rate 200/2, overload flush
> global)
>
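
An added example, not part of any message in this thread: one way to judge whether a `max-src-conn-rate N/S` value is too strict is to measure each source's peak connection count per S seconds in real traffic before choosing N. The script uses a plain sliding-window count as an approximation of how pf evaluates the rate; the traffic, the addresses and the strict 15/5 comparison value are constructed for illustration.

```python
from collections import defaultdict, deque

def peak_rates(events, window):
    """Return {src: max connections seen in any `window`-second span}.

    events: iterable of (timestamp_seconds, source_ip), sorted by time.
    """
    recent = defaultdict(deque)   # src -> timestamps still inside the window
    peak = defaultdict(int)
    for ts, src in events:
        q = recent[src]
        q.append(ts)
        # Drop connections that have aged out of the window.
        while q and ts - q[0] >= window:
            q.popleft()
        peak[src] = max(peak[src], len(q))
    return dict(peak)

def overloaded(events, limit, window):
    """Sources whose peak exceeds `limit` connections per `window` seconds."""
    return {s for s, p in peak_rates(events, window).items() if p > limit}

def constructed_sample():
    """Constructed traffic: three made-up clients on documentation addresses."""
    ev = []
    # Ordinary browser: 6 parallel connections per page, one page every 5 s.
    for page in range(10):
        ev += [(page * 5 + i * 0.05, "192.0.2.10") for i in range(6)]
    # NAT gateway with many users behind it: 60 connections/s for 20 s.
    ev += [(i / 60.0, "192.0.2.20") for i in range(1200)]
    # Flooding source: 400 connections/s for 3 s.
    ev += [(10 + i / 400.0, "198.51.100.99") for i in range(1200)]
    return sorted(ev)

if __name__ == "__main__":
    ev = constructed_sample()
    for src, p in sorted(peak_rates(ev, 2).items()):
        print(f"{src:15} peak {p:4d} conns / 2 s")
    # The 200/2 value from the quoted rule versus a constructed strict 15/5.
    print("would trip 200/2:", sorted(overloaded(ev, 200, 2)))
    print("would trip 15/5: ", sorted(overloaded(ev, 15, 5)))
```

With this constructed traffic, 200/2 singles out only the flooding source, while the strict 15/5 value would also flush the shared NAT gateway.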