
rdr pass, max-src-conn



Hello,
I am having trouble with some rdr rules. How should I specify:

    rdr pass on $ext_if proto tcp from any to 1.2.3.4 port 80 -> 10.10.10.10

with

    pass in on $ext_if proto tcp from any to $range port {80,3389} keep state ( max-src-conn 3, max-src-conn-rate 2/5, overload <abuse_src> flush global )

I split the rdr pass into two separate rules:

    rdr on $ext_if proto tcp from any to 1.2.3.4 port 80 -> 10.10.10.10
    pass on $ext_if proto tcp from any to 1.2.3.4 port {80,3389}

Yet this does not get tagged for the abuse_src table, and in some cases
it will be tagged, but connections remain open and can be established
also. (I do have a block quick drop from abuse_src rule too.)

Can someone suggest how this should be specified so that the pass and
rdr work together?
-- 
http://edd.link9.net - http://irc.is-cool.net