
Re: source limit



I suggest implementing it in the kernel. No 'kill states/modify rules' needed.
It is not too complex to do it in the kernel (500 lines for a TCP source limit is
enough).
Make a flowlimit_check hook before the 'create states' code in pf_test_tcp().
Don't create any states in pf_test_tcp() if the limitation of the source
reaches the maximum value.
You need to increase or decrease the limit counter of the source address
if the related TCP state enters the ESTABLISHED state or the CLOSED/FIN_WAIT state.
----- Original Message -----
From: "Can Erkin Acar" <canacar@eee.metu.edu.tr>
To: <pf@benzedrine.cx>
Sent: Monday, March 17, 2003 8:58 PM
Subject: Re: source limit
> Perhaps this can be implemented in userland?
> A daemon listening on pfsync could track states/hosts
> and kill states/modify rules depending on any criteria you
> care to define. Better than adding more complexity to the kernel code.
>
> Can
>