Since I have a lot of rules, if I get the attackers into a table and use
a block quick on it, pf won't have to run through all the rules for it.
Now for every packet the attacker sends, pf has to run it through all
the rules.
The main difference is to be able to use a quick rule, I don't know fo
But what benefit do you expect to get when you block it via a
max-src-conn-rate/overload rule or directly via a (default) block rule?
In either way you will block the packet.
On Fri, 2008-02-29 at 16:49 -0300, Vinicius Vianna wrote:
> The problem is that these attacks aren't on any pass rule, they
The problem is that these attacks aren't on any pass rule, they are on
ports that my firewall doesn't permit, so the packet will go to the
block rule, and I can't use these overload rules with block, can I?
Lars Noodén wrote:
Vinicius Vianna wrote:
I got a firewall with openbsd 4.1 and pf and
Vinicius Vianna wrote:
I got a firewall with openbsd 4.1 and pf and it's receiving a lot of syn
floods attacks and even udp floods,...
I am new at that and have been using pp 68 - 71 of the Book of PF cover
this as does "Firewalling with OpenBSD's PF packet filter", both by
Peter Hansteen.
Hi misc,
I got a firewall with openbsd 4.1 and pf and it's receiving a lot of syn
floods attacks and even udp floods, since this is common I think someone
could have developed something on this, so why to reinvent the wheel?
The scenario is this:
block in log
block in quick inet from to any