Date: Mon, 24 Oct 2016 11:42:54 -0400
From: "Simon" <simon@optinet.com>
To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: PF - Treating Multiple Virtual IPs as one

I am trying to rate limit/control access to a port across multiple virtual IPs or aliases using max-src-conn and max-src-conn-rate. The problem arises when an attacker floods connections to the same port across many IPs listening on the same port.

Is it possible to tell PF to treat connections to the same port across multiple IPs assigned to the same NIC in the instances of max-src-conn-rate? In other words, I want connections made to port XX on x.x.x.1, x.x.x.2, etc. to count toward the same counter using max-src-conn-rate and max-src-conn. By default, each IP tracks its own counter, and this defeats the purpose of my rate limiting for a port.

Couldn't find this in the manual. Not sure if I'll have better luck with freebsd-ISP on this. Didn't want to cross-post just yet.

Thanks,
Simon