Date:      Wed, 14 Feb 2007 18:48:49 +0000
From:      Chris <chrcoluk@gmail.com>
To:        "Peter N. M. Hansteen" <peter@bsdly.net>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Packet rate limiter
Message-ID:  <3aaaa3a0702141048p5f270126tc1f00059a7dfe4a4@mail.gmail.com>
In-Reply-To: <877iusuczk.fsf@thingy.datadok.no>
References:  <45C99336.3010508@demax.sk> <877iusuczk.fsf@thingy.datadok.no>

On 08/02/07, Peter N. M. Hansteen <peter@bsdly.net> wrote:
> Jan Sebosik <sebosik@demax.sk> writes:
>
> > Is there any way to limit the packets per second [PPS] rate to a specified
> > IP (group of IPs)?
>
> The closest I can think of off the top of my head is defining a PF
> rule set with queues (ALTQ), however you will be specifying bandwidth,
> that is in bits per second (or k,M,G multiples of) or percentage of
> available bandwidth, not number of packets.  Your groups of source
> addresses could be maintained as tables for easy manipulation.
>
> --
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://www.blug.linux.no/rfc1149/ http://www.datadok.no/ http://www.nuug.no/
> "First, we kill all the spammers" The Usenet Bard, "Twice-forwarded tales"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

I thought PF could do this now as I have seen PF rulesets used to
limit SYN flooding via PPS rules.

If not, it would be good if PF or ipfw got this feature as Linux has
had it for a while now and it is a lot more effective than limiting
per bps.
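
The ALTQ queue and table approach described in the quoted reply, written out as a pf.conf fragment. This is an added example, not a configuration posted by anyone in this thread; the interface name, link speed, queue names and addresses are assumptions. It caps bandwidth for the listed hosts, not packets per second.

```conf
# Added example (not from the thread). Assumed values: interface em0,
# a 100Mb link, documentation-range addresses, queue names q_std/q_limited.
# FreeBSD needs ALTQ support in the kernel (options ALTQ, ALTQ_CBQ).

lim_if = "em0"          # assumed: interface the limited traffic leaves through

# Group of addresses to be limited, kept in a table so it can be changed
# at runtime without reloading the rule set:
#   pfctl -t limited_hosts -T add 192.0.2.25
#   pfctl -t limited_hosts -T delete 192.0.2.25
#   pfctl -t limited_hosts -T show
table <limited_hosts> persist { 192.0.2.10, 192.0.2.11, 198.51.100.0/28 }

# ALTQ shapes packets as they leave the interface. Limits are expressed
# in bits per second or as a percentage of the parent bandwidth.
altq on $lim_if cbq bandwidth 100Mb queue { q_std, q_limited }

# Everything not assigned elsewhere lands in the default queue, which may
# borrow unused bandwidth from its parent.
queue q_std     bandwidth 95% cbq(default borrow)

# Hard ceiling for the limited group: no "borrow", so these hosts stay
# within 5% of the link even when the rest of it is idle.
queue q_limited bandwidth 5%  cbq

# Traffic going out this interface towards the listed hosts is placed
# in the limited queue.
pass out on $lim_if from any to <limited_hosts> keep state queue q_limited

# All other outbound traffic uses the default queue.
pass out on $lim_if from any to ! <limited_hosts> keep state
```

Because the ceiling is in bits per second, the number of packets that fit under it depends on packet size: a stream of small packets passes many more packets per second than a stream of full-size ones under the same limit.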


