Re: IP source tracking doc ?



On Mon, May 31, 2004 at 02:39:50AM +0200, Ed White wrote:
> Playing with a custom pf.conf, I've understood that "source-track rule" and 
> "source-track global" allow managing all the src IP states in different 
> ways; however, I'd like to receive some confirmation.
> 
> 1) pass in quick inet proto tcp to port 25 keep state \
> (source-track rule, max-src-nodes 100, max-src-states 2)
> 
> This means that a max number of 100 IPs could connect and that each of them 
> could have a max number of 2 active connections to this port. Right?

Yes.

> 2) set limit src-nodes 3000
> pass in quick inet proto tcp to port 80 keep state \
> (source-track global, max-src-states 5)
> pass in quick inet proto tcp to port 443 keep state \
> (source-track global, max-src-states 2)
> 
> This means that a max number of 3000 IPs could connect and that each one of 
> them could have a max number of 5 active connections to port 80 and a max 
> number of 2 active connections to port 443. Right?

Yes.