From owner-freebsd-net@FreeBSD.ORG Thu Nov 10 01:50:45 2011 Return-Path: Delivered-To: net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1B28A106566B for ; Thu, 10 Nov 2011 01:50:45 +0000 (UTC) (envelope-from vijju.singh@gmail.com) Received: from mail-iy0-f182.google.com (mail-iy0-f182.google.com [209.85.210.182]) by mx1.freebsd.org (Postfix) with ESMTP id E37E18FC0C for ; Thu, 10 Nov 2011 01:50:44 +0000 (UTC) Received: by iakl21 with SMTP id l21so1009526iak.13 for ; Wed, 09 Nov 2011 17:50:44 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type; bh=LSdiCj36VmrXHg6jI9z9zp5qpAdaIHDRFHv697qWlaw=; b=vHC1UBG3EXdRAbIS/eCOKkW1mcIH3Wpr9JL5Lt3/bKAxKZU/JDbv/sdMc8GMG7zUrb bkpp1ObZsz7YSPmBUxsU9asFGyyXNBdxrXqi7tGApjynRsSyNsZSSzp0v+NNmUkQXNzj t1O6SH61WNqFJOntMBoRhn2iDO6HcUvb13tGQ= MIME-Version: 1.0 Received: by 10.50.12.227 with SMTP id b3mr5649696igc.24.1320888264631; Wed, 09 Nov 2011 17:24:24 -0800 (PST) Received: by 10.231.14.68 with HTTP; Wed, 9 Nov 2011 17:24:24 -0800 (PST) Date: Wed, 9 Nov 2011 17:24:24 -0800 Message-ID: From: Vijay Singh To: net@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 Cc: Subject: ipf(8) for TCP rate limiting X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 10 Nov 2011 01:50:45 -0000 Hi. My machine has some ipf(8) rules and I see that when there is a TCP connection storm to the http port the filer sends out TCP resets. I wanted to know if its possible to configure the pps limit for TCP connections before the RSTs kick in using ipf. regards, vijay