From owner-freebsd-pf@FreeBSD.ORG Wed Jun 23 22:29:33 2010 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 35BFA1065676 for ; Wed, 23 Jun 2010 22:29:33 +0000 (UTC) (envelope-from dudu@dudu.ro) Received: from mail-ww0-f54.google.com (mail-ww0-f54.google.com [74.125.82.54]) by mx1.freebsd.org (Postfix) with ESMTP id CCF798FC1A for ; Wed, 23 Jun 2010 22:29:32 +0000 (UTC) Received: by wwb24 with SMTP id 24so1172236wwb.13 for ; Wed, 23 Jun 2010 15:29:31 -0700 (PDT) Received: by 10.216.161.202 with SMTP id w52mr3144623wek.10.1277332169469; Wed, 23 Jun 2010 15:29:29 -0700 (PDT) MIME-Version: 1.0 Received: by 10.216.48.198 with HTTP; Wed, 23 Jun 2010 15:29:09 -0700 (PDT) In-Reply-To: References: From: Vlad Galu Date: Thu, 24 Jun 2010 00:29:09 +0200 Message-ID: To: claudiu vasadi Content-Type: text/plain; charset=ISO-8859-1 Cc: freebsd-pf@freebsd.org Subject: Re: can pf block a string ? or better, to limit it ? X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 23 Jun 2010 22:29:33 -0000 http://www.inmon.com/support/sentinel_release.php On Wed, Jun 23, 2010 at 8:30 PM, claudiu vasadi wrote: > Hello fellas, > > > system: freebsd 8.0 with pf > > > A couple of years ago I wanted to limit a string with pf and I could not > find a way to do it. > > Back in the day, I was running a dc++ software on FreeBSD and the most > common way of flood was this "string attack". The idea was simple: more than > "x" number of packages containing this "string" = dc++ software stuck. I > remember a friend of mine was able to limit the number per second to > something but I was unable to do the same in pf. Back then I was using > FreeBSD6.2 but I can't find a way to do it even now. > > > Can someone shed some light ? Were you trying something similar ? > _______________________________________________ > freebsd-pf@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscribe@freebsd.org" > Hi Claudiu, See the "STATEFUL TRACKING OPTIONS" chapter of pf.conf(5), particularly the "source-track", "max-src-nodes", "max-src-states", "max-src-conn" and "max-src-conn-rate" keywords. -- Good, fast & cheap. Pick any two.