I want to use PF as the firewall for a web server; our web server is Apache.
I read this link http://www.openbsd.org/faq/pf/filter.html but I cannot understand this section:

Code:
An example:
```
table <abusive_hosts> persist
block in quick from <abusive_hosts>
pass in on $ext_if proto tcp to $web_server \
    port www flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_hosts> flush)
```
This does the following:
* Limits the maximum number of connections per source to 100
* Rate limits the number of connections to 15 in a 5 second span
* Puts the IP address of any host that breaks these limits into the <abusive_hosts> table
* For any offending IP addresses, flush any states created by this rule.
For example, if some user with the IP 192.168.0.52 connects to my web server, he or she can only open 15 pages in 5 seconds; if he or she opens new pages, pf blocks him. And I understand that the user with 192.168.0.53 cannot open more than 15 pages or cannot make more than 15 connections in 5 seconds. Am I right? Do I understand this correctly? With this rule each IP can have 15 connections in 5 seconds. Please, could someone explain this section better for me?
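
Added example (not part of the original post or of the OpenBSD FAQ): a simplified Python model of how the quoted rule tracks each source address separately. It counts TCP connections rather than pages, uses a plain sliding window instead of pf's own accounting, and all class names, function names and events are constructed for illustration.

```python
from collections import defaultdict, deque

MAX_SRC_CONN = 100               # max-src-conn 100
RATE_COUNT, RATE_SECS = 15, 5    # max-src-conn-rate 15/5

class WebRule:
    """Simplified model of the pass rule's per-source tracking (not pf's real code)."""
    def __init__(self):
        self.states = defaultdict(set)     # src -> open connections created by this rule
        self.recent = defaultdict(deque)   # src -> timestamps of recent new connections
        self.abusive_hosts = set()         # models: table <abusive_hosts> persist

    def connect(self, now, src, conn_id):
        """One new TCP connection from src at time `now`; returns 'pass' or 'block'."""
        if src in self.abusive_hosts:      # block in quick from <abusive_hosts>
            return "block"
        window = self.recent[src]
        while window and now - window[0] >= RATE_SECS:
            window.popleft()               # forget connections older than 5 seconds
        window.append(now)
        self.states[src].add(conn_id)
        if len(window) > RATE_COUNT or len(self.states[src]) > MAX_SRC_CONN:
            self.abusive_hosts.add(src)    # overload <abusive_hosts>
            self.states[src].clear()       # flush: drop states this rule made for src
            return "block"                 # src stays blocked until removed from the table
        return "pass"

    def close(self, src, conn_id):
        """The connection ended, so it no longer counts toward max-src-conn."""
        self.states[src].discard(conn_id)

def replay(events):
    """Feed (time, src, conn_id) events through a fresh rule, oldest first."""
    rule = WebRule()
    verdicts = [(src, rule.connect(t, src, cid)) for t, src, cid in sorted(events)]
    return rule, verdicts

# Constructed events: .52 opens 20 connections in 4 seconds, .53 opens one per second.
EVENTS = [(i * 0.2, "192.168.0.52", i) for i in range(20)]
EVENTS += [(i * 1.0, "192.168.0.53", 100 + i) for i in range(20)]

if __name__ == "__main__":
    rule, verdicts = replay(EVENTS)
    for src in ("192.168.0.52", "192.168.0.53"):
        got = [v for s, v in verdicts if s == src]
        print(src, "pass:", got.count("pass"), "block:", got.count("block"))
    print("abusive_hosts:", sorted(rule.abusive_hosts))
```

In this model only 192.168.0.52 ends up in the table; 192.168.0.53 keeps its own counters and is unaffected.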