From: "Abdullah Ibn Hamad Al-Marri"
To: "FreeBSD PF Pro List"
Date: Thu, 28 Jun 2007 13:28:26 +0300
Subject: Flush ICMP and UDP flooders
Message-ID: <499c70c0706280328m497a613dg552901c7c9875ed2@mail.gmail.com>
List-Id: "Technical discussion and general questions about packet filter \(pf\)"

Hello,

I would like to block ICMP and UDP flooders who exceed a reasonable number.

#- Rate Limit UDP (150 per host)
pass proto udp to any port $udp_services keep state
pass in quick proto udp from any to any \
    keep state \
    (max-src-conn 1,max-src-states 151, \
    overload flush global)

#- Rate Limit ICMP (10 per host)
pass in quick proto icmp from any to any \
    keep state \
    (max-src-conn 1,max-src-states 11, \
    overload flush global)

Comments?

-- 
Regards,

-Abdullah Ibn Hamad Al-Marri
Arab Portal
http://www.WeArab.Net/