
IP source tracking doc ?



Hi,
Reading the PF FAQ and the pf.conf man page, I haven't found any detailed help about 
the source-track options.
Playing with a custom pf.conf, I've understood that "source-track rule" and 
"source-track global" allow managing all the src IP states in a different way; 
however, I'd like to receive some confirmation.
1) pass in quick inet proto tcp to port 25 keep state \
(source-track rule, max-src-nodes 100, max-src-states 2)
This means that a maximum of 100 IPs could connect and that each of them 
could have a maximum of 2 active connections to this port. Right?
2) set limit src-nodes 3000
pass in quick inet proto tcp to port 80 keep state \
(source-track global, max-src-states 5)
pass in quick inet proto tcp to port 443 keep state \
(source-track global, max-src-states 2)
This means that a maximum of 3000 IPs could connect and that each one of 
them could have a maximum of 5 active connections to port 80 and a maximum 
of 2 active connections to port 443. Right?
Thanks.
	Ed
P.S. The PF FAQ has completely omitted this topic and also has wrong default 
values for the limit section... it seems...