Building The Network You Need With PF, The OpenBSD Packet Filter: BSDCan 2016, Ottawa, Canada, June 8th 2016

Prevent floods:

    pass inet proto tcp to $webserver port www \
        flags S/SA keep state \
        (max-src-conn-rate 15/5, \
        max-src-nodes 250, max-src-states 100, source-track rule)

max-src-nodes: number of distinct hosts (IP addresses) allowed to have states
max-src-states: number of states allowed per host
Others simply dropped
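
To see which limit stops which kind of client, here is a simplified Python model of the three limits in the rule above, replayed over constructed traffic. It is an added example, not part of the original slides and not PF code. The class and function names, the sliding-window rate check (`15/5` read as 15 new connections per 5 seconds) and the order of the checks are assumptions of the model, and PF's kernel accounting may differ in detail.

```python
from collections import Counter, defaultdict, deque


class SourceTracker:
    """Simplified model of the slide's per-rule limits (source-track rule)."""

    def __init__(self, max_src_nodes=250, max_src_states=100, conn_rate=(15, 5)):
        self.max_src_nodes = max_src_nodes
        self.max_src_states = max_src_states
        self.rate_count, self.rate_secs = conn_rate
        self.states = defaultdict(int)    # source IP -> open states
        self.recent = defaultdict(deque)  # source IP -> times of recent new connections

    def connect(self, src, now):
        """Return "pass" or the name of the limit that drops this new connection."""
        tracked = sum(1 for n in self.states.values() if n > 0)
        if self.states.get(src, 0) == 0 and tracked >= self.max_src_nodes:
            return "max-src-nodes"      # too many distinct hosts already hold states
        if self.states.get(src, 0) >= self.max_src_states:
            return "max-src-states"     # this host already holds its share of states
        window = self.recent[src]
        while window and now - window[0] >= self.rate_secs:
            window.popleft()            # forget connections older than the interval
        if len(window) >= self.rate_count:
            return "max-src-conn-rate"  # too many new connections in the interval
        window.append(now)
        self.states[src] += 1
        return "pass"

    def close(self, src):
        """A state for src expired or was torn down."""
        if self.states.get(src, 0) > 0:
            self.states[src] -= 1


def replay(events, tracker=None):
    """Count outcomes for (time_in_seconds, source_ip) connection attempts."""
    tracker = tracker or SourceTracker()
    return Counter(tracker.connect(src, t) for t, src in events)


# Constructed sample traffic (documentation address ranges, not real captures).
BURST = [(i * 0.05, "198.51.100.7") for i in range(20)]  # 20 connects in 1 s
SLOW = [(float(t), "203.0.113.9") for t in range(120)]   # 1 per second, never closed
MANY = [(0.0, f"192.0.2.{i}") for i in range(256)]       # 256 distinct hosts

if __name__ == "__main__":
    for name, events in (("burst", BURST), ("slow", SLOW), ("many", MANY)):
        print(name, dict(replay(events)))
```

Replaying your own web server's connection log through the same model is a quick way to check that legitimate sources, such as many users behind one NAT address, stay under the thresholds before the rule goes live.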