From owner-freebsd-pf@FreeBSD.ORG Thu Nov 23 18:47:28 2006
From: "John Smith" <almarrie@gmail.com>
To: freebsd-pf@freebsd.org
Date: Thu, 23 Nov 2006 21:47:23 +0300
Message-ID: <499c70c0611231047k84747frf91def08d509cba6@mail.gmail.com>
Subject: rate limit with pf instead of IPFW
List-Id: "Technical discussion and general questions about packet filter (pf)"

Greetings BPF gurus!
I have this rule in IPFW:

    01000 allow tcp from any to me setup limit src-addr 5

This rule, as you know, doesn't allow more than 5 connections per IP to connect to my server at the same time. The problem with IPFW is that it doesn't allow me to set it with seconds, so what I need to do is to prevent an IP from connecting to my server IP more than once in less than 3 secs.

I'm new to bpf and I don't know how to create such a rule. The man page doesn't have enough information with real examples :( So could someone give me an example with bpf that does the same job as IPFW, plus using rate limiting by seconds?

I know this rule, "limit {src-addr | src-port | dst-addr | dst-port}", but I need to set it globally for all world IPs.

Could someone please give me a full example to set up limit {src-addr | src-port | dst-addr | dst-port} to do what

    IPFW 01000 allow tcp from any to me setup limit src-addr 5

currently does?

I remain thanking you!
-J
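An added pf.conf example, not from the original post or from a list reply, showing the two state options that cover both halves of the question: `max-src-conn` caps simultaneous connections per source address (the IPFW `limit src-addr 5` equivalent) and `max-src-conn-rate` caps the rate of new connections per source address over a window of seconds. The interface name `$ext_if`, the port list and the table name `bruteforce` are assumptions for illustration; adjust them to the host. Sources that exceed either limit are added to the table and blocked by the earlier `block` rule, and `flush global` drops their existing states.

```pf
# Added example (not from the original message). Assumed: ext_if, services, table name.
ext_if = "em0"
services = "{ 22, 25, 80 }"

# Table persists across rule reloads; pf fills it with offending source addresses.
table <bruteforce> persist

# Addresses already in the table are dropped before any pass rule is evaluated.
block in quick on $ext_if from <bruteforce>

# Per source address (any IP in the world, no list needed):
#   max-src-conn 5        -> at most 5 simultaneous TCP connections (IPFW limit src-addr 5)
#   max-src-conn-rate 1/3 -> at most 1 new connection in any 3 second window
# Exceeding either puts the source into <bruteforce>; flush global kills its states.
pass in on $ext_if proto tcp from any to ($ext_if) port $services \
    flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 1/3, \
     overload <bruteforce> flush global)
```

Check the syntax before loading with `pfctl -nf /etc/pf.conf`, then load with `pfctl -f /etc/pf.conf`. To see which sources have tripped the limit, run `pfctl -t bruteforce -T show`; a blocked address is released with `pfctl -t bruteforce -T delete <address>`, and `pfctl -s states` shows the per-source connections being counted. Note that `max-src-conn-rate` only counts connections that create state on this rule, so the `pass` rule has to be the one that matches the inbound SYN.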