Girish Venkatachalam wrote:
> Please read up on pf(4) anchors.
>
> And also on connection overloads in pf.conf(5).
> Stuff like max-conn-rate and so on.
>
> You already said you know about pf(4) tables. You need to populate the tables
> based on different criteria. I know that connection overload is one.
>
> You should be able to define other conditions to populate the tables.
>
> And you can use anchors along with tables, define conditions and get
> what you want.
>
> I hope I have not left out anything important.
Thanks for your response. If I understand you correctly, the pf kernel module actually supports operating with tables based on positive conditions (i.e. not only when a rule is broken, but also when a rule is true), and the way to define rules of that kind is by using directly some of the IOCTLs documented in pf(4)? Please confirm if that is true, since I couldn't find that kind of functionality with pfctl(8) (I tried making conditions with max-src-conn-rate set to 0 with the idea that making one connection would break this rule so I could add the IP to a table that way, but pfctl(8) is too smart to accept rules with max-src-conn-rate set to 0).

Regards,
Ivan
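For readers following this thread, here is an added pf.conf(5) example (not part of the original exchange) showing the two mechanisms Girish refers to: a stateful rule whose overload option populates a table when a source exceeds a connection-rate threshold, and an anchor that can be loaded or flushed with pfctl(8) independently of the main ruleset. The table and anchor names, the interface name and the threshold values are assumptions chosen for illustration.

```pf
# Added example, not from the thread. Names (<bruteforce>, "ratelimit",
# egress) and the numeric limits are illustrative assumptions.

# A persistent table: survives ruleset reloads, so entries added by the
# overload mechanism are kept until expired or removed.
table <bruteforce> persist

# Anything already in the table is dropped early.
block in quick on egress from <bruteforce>

# Positive-condition population: a source that opens more than 5 new
# connections to ssh within 30 seconds, or holds more than 10 concurrent
# states, is added to <bruteforce>. "flush global" tears down all
# existing states from that source at the same time.
pass in on egress proto tcp to port ssh \
    keep state (max-src-conn 10, max-src-conn-rate 5/30, \
                overload <bruteforce> flush global)

# An anchor whose contents can be managed separately with pfctl(8),
# e.g. from a script that reacts to other criteria than connection rate.
anchor "ratelimit"

# Useful pfctl(8) commands against this ruleset (run as root):
#   pfctl -t bruteforce -T show              list table contents
#   pfctl -t bruteforce -T add 192.0.2.10    add an address manually
#   pfctl -t bruteforce -T expire 3600       drop entries older than 1 hour
#   pfctl -a ratelimit -f /etc/pf.ratelimit  load rules into the anchor
#   pfctl -a ratelimit -F rules              flush only the anchor's rules
```

The overload option is the supported way to add an address to a table when a rule's condition is met, which is why pfctl(8) rejects a rate of 0: the threshold is meant to separate normal traffic from abuse, not to tag every client. Pairing the table with `-T expire` in a periodic job keeps the block list from growing without bound.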
