From owner-freebsd-net@FreeBSD.ORG  Mon Jun  7 11:00:09 2010
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 988091065672
	for <freebsd-net@freebsd.org>; Mon,  7 Jun 2010 11:00:09 +0000 (UTC)
	(envelope-from pieter@thelostparadise.com)
Received: from mail.thelostparadise.com (router.thelostparadise.com
	[IPv6:2a02:898:0:30::30:1])
	by mx1.freebsd.org (Postfix) with ESMTP id 31F158FC08
	for <freebsd-net@freebsd.org>; Mon,  7 Jun 2010 11:00:09 +0000 (UTC)
Received: by mail.thelostparadise.com (Postfix, from userid 127)
	id 0991873054; Mon,  7 Jun 2010 13:00:08 +0200 (CEST)
Received: from localhost by mail.thelostparadise.com (Postfix) with ESMTP id
	E2BBE73008
	for <freebsd-net@freebsd.org>; Mon,  7 Jun 2010 13:00:07 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=thelostparadise.com;
	s=thelostparadise; t=1275908407; bh=tigJ2p0v8WFKvtdMOHvau3TeEiY=;
	h=Message-ID:Date:From:MIME-Version:To:Subject:References:
	In-Reply-To:Content-Type:Content-Transfer-Encoding; b=okOgmOntu3jt
	9xx7oDCKVlYLZ1pdK5v7+hrIUC+penF0mL3UodPINYSieYGIQDzjYzoAa1vuvQioGXN
	sRIJUqyf/3wcoA0G3iKYiyVsdTemZkekuA/7GwmHHQ8WXa+niDaYo5MrCTkxQ6/cpHU
	RLReu4TkFJ1HLE6zDoM/Azo5Q=
Message-ID: <4C0CD137.60804@thelostparadise.com>
Date: Mon, 07 Jun 2010 13:00:07 +0200
From: Pieter de Boer <pieter@thelostparadise.com>
MIME-Version: 1.0
To: freebsd-net@freebsd.org
References: <4C0CBA26.80209@os3.nl>
In-Reply-To: <4C0CBA26.80209@os3.nl>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: Re: Connection rate limits with pf, blocks too soon?
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
	<mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jun 2010 11:00:09 -0000

On 06/07/2010 11:21 AM, Pieter de Boer wrote:

> However, when I run a scanner against this web server, the source IP is
> blocked after a few seconds and only a few tens of requests. Using
> 'pfctl -s state' I confirmed that only 65 simultaneous states were
> present, much lower than the limit.

Turns out I was looking at the wrong rule.

Sorry for the noise,
Pieter