[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: pf versions



hi,
the max-src-conn vs fuctionality is added at OpenBSD 3.7. Thus, you
can use these rules with openbsd3.7 and later releases..
>From http://www.openbsd.org/37.html ;
" Support limiting TCP connections by establishment rate,
automatically adding flooding IP addresses to tables and flushing
states (max-src-conn-rate, overload <table>, flush global). "
2005/9/5, Huzeyfe Onal <[email protected]>:
> 
> hi,
> the max-src-conn vs fuctionality is added at OpenBSD 3.7. Thus, you can use these rules with openbsd3.7 and later releases..
> From http://www.openbsd.org/37.html 
> " Support limiting TCP connections by establishment rate, automatically adding flooding IP addresses to tables and flushing states (max-src-conn-rate, overload <table>, flush global). " 
> 
>  
> 2005/9/5, ed <[email protected]>: 
> 
> > Hello,
> > 
> > On an openbsd 3.7 install the following rule will work yet not on a 3.6,
> > is there a difference in the way the rule should be declared, or if pf 
> > can be upgraded, how should I do this?
> > 
> > ext_if=xl0
> > ext_network=1.2.3.4/5
> > 
> > pass in on $ext_if proto tcp from any to $ext_network port {22,3389}
> > keep state ( max-src-conn 3, max-src-conn-rate 2/5, overload <abuse_src> 
> > flush global )
> > 
> > 
> > 
> > --
> > http://edd.link9.net - http://irc.is-cool.net
> > 
> 
> 
> 
> -- 
> Huzeyfe ÖNAL  
> ---
> First Turkish Qmail book is out! Go check it.
> Duydunuz mu! Turkiye'nin ilk Qmail kitabi cikti.
> http://www.acikakademi.com/catalog/qmail/
> 
-- 
Huzeyfe ÖNAL  
---
First Turkish Qmail book is out! Go check it.
Duydunuz mu! Turkiye'nin ilk Qmail kitabi cikti.
http://www.acikakademi.com/catalog/qmail/