On 6/18/10 1:08 PM, Code Ghar wrote:
> In the pfSense book, there's a section (6.6.9.3) titled "Maximum New
> Connections / Per Second". It says that "Any IP address exceeding that
> number of connections within the given time frame will be blocked for
> one hour." When using VoIP, which uses UDP, if one IP sends calls to
> your VoIP switch with pfSense in the middle, there's one state
> established. Within that state if that same IP sends, say 5 messages in
> a second, are these messages considered 5 connections in one state or 1
> connection in one state? My aim is to restrict UDP connections per
> second from all IPs in a rule.

The most common case with VoIP traffic is that you have at least two streams, one apiece for signaling and media traffic.* The signaling stream typically uses a well-known port (i.e., 5060 for SIP) and the media traffic (often RTP/RTSP) uses some random port.

There are some sample VoIP captures here: http://techtraces.com/sample_captures/

dn

*Caveat: "VoIP" is a very broad term, covering lots of different signaling and media transport methods. The example I gave above is a simple and very commonly used case, but there are lots of others.
