On Mon, Aug 20, 2012 at 12:07 PM, Kevin Wilcox <kevin.wil...@gmail.com> wrote:
> Rather than block on the number of states, take a look at dropping
> based on the number of connections over some time delta.
>
> Specifically, max-src-conn and max-src-conn-rate.
Anything based on the source address is ineffective, as the number of attack packets from any given IP is very low (frequently 1 if they are forged). The goal for us is to clamp down on attacks directed at a given IP quickly and effectively enough that only that IP is affected.

Thanks.
_______________________________________________
freebsd-pf@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org"
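For readers unfamiliar with the options Kevin named, here is a pf.conf fragment added as an illustration (it is not from either message); the interface, addresses, table name and thresholds are assumed values, and the comments note the spoofed-source limitation raised in the reply.

```pf
# Added illustration, not part of the thread. Interface, addresses,
# table name and thresholds are assumed values.
ext_if  = "em0"
web_srv = "192.0.2.10"

# Sources that trip the limits are added to this table; 'persist' keeps the
# table defined even when empty. Old entries can be aged out with
#   pfctl -t flooders -T expire 3600
table <flooders> persist

# Drop anything already in the table before it reaches the pass rule.
block in quick on $ext_if from <flooders>

# Per-source limits on the state-creating rule:
#   max-src-conn 50       - at most 50 concurrent connections per source address
#   max-src-conn-rate 15/5 - at most 15 new connections per source in any 5 s
#   overload <flooders>   - put the offending source address into the table
#   flush global          - tear down that source's existing states on all rules
# Caveat from the reply: all of these counters are keyed on the source address,
# so a flood of spoofed sources sending one packet each never reaches the
# thresholds and is not limited by this rule.
pass in on $ext_if proto tcp to $web_srv port 80 flags S/SA keep state \
    (max-src-conn 50, max-src-conn-rate 15/5, overload <flooders> flush global)
```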