| Building the Network You Need with OpenBSD's PF: EuroBSDCon, St. Julian's, September 26th 2013 | ||
|---|---|---|
| Prev | Next | |
Prevent floods:
pass inet proto tcp to $webserver port www \
flags S/SA keep state \
(max-src-conn-rate 15/5, \
max-src-nodes 250, max-src-states 100, source-track rule)max-src-nodes: number of distinct hosts (IP addresses) allowed to have states
max-src-states: number of states allowed per host
Others simply dropped