Date: Mon, 22 Sep 2008 13:59:08 +0200
From: "Redd Vinylene"
To: "Lars Noodén", questions@freebsd.org, misc@openbsd.org
In-Reply-To: <48D7590A.9070404@openoffice.org>
References: <48D7590A.9070404@openoffice.org>
Subject: Re: pf to block against DDoS?

On Mon, Sep 22, 2008 at 10:36 AM, Lars Noodén wrote:

> Redd Vinylene wrote:
> >> ...
> >> You can also use two tables so that the first overload gets shunted to a
> >> slow queue and given a second chance before ending up in the second
> >> table which gets blocked.
> > ...
> > Lars Noodin: Would you happen to have an example of that?
>
> Not really, here is an illustration of how it might be approached:
>
> http://www-personal.umich.edu/~lars/PF/pf.ssh-2tables.conf
>
> I expect that the last-rule-matched takes care of the decision. The
> However, there might be some divergence between what I think it does and
> what it really does.
>
> Another question is, in which cases is that useful?
>
> Regards
> -Lars
>

This has been a very interesting example, Lars. Thanks a lot for sharing!

As for your last question though, I think I know what you mean. It is to
say, should a rapist really be given a second chance?

-- 
http://www.home.no/reddvinylene
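
The two-table idea quoted above, sketched as an added pf.conf fragment in ALTQ-era syntax; it is not part of the original message and is not the configuration at the linked URL. The interface name, table and queue names, bandwidth figures and rate thresholds are all assumptions chosen for illustration.

```conf
# Added example: every name and number below is an assumption.
ext_if = "em0"                          # assumed external interface

table <ssh_slow>  persist               # first overload: throttled
table <ssh_block> persist               # second overload: dropped

# ALTQ shapes outbound traffic, so replies belonging to states created by a
# rule tagged "queue q_slow" leave through the small queue.
altq on $ext_if cbq bandwidth 10Mb queue { q_std, q_slow }
queue q_std  bandwidth 95% cbq(default)
queue q_slow bandwidth 5%

# Sources that overloaded twice: "quick" ends rule evaluation here.
block in quick on $ext_if proto tcp from <ssh_block> to any port ssh

# Everyone else: more than 3 new connections in 30 seconds puts the
# source address into <ssh_slow>.
pass in on $ext_if proto tcp from any to any port ssh flags S/SA \
    keep state (max-src-conn-rate 3/30, overload <ssh_slow>)

# Sources already in <ssh_slow>: this rule comes later, and without "quick"
# the last matching rule decides, so it applies to them instead of the rule
# above. They get the slow queue and one more chance; a further overload
# moves them to <ssh_block> and kills their existing states.
pass in on $ext_if proto tcp from <ssh_slow> to any port ssh flags S/SA \
    keep state (max-src-conn-rate 3/30, overload <ssh_block> flush global) \
    queue q_slow
```

Entries stay in both tables until removed; `pfctl -t ssh_slow -T expire 3600` deletes addresses whose statistics were last cleared more than an hour earlier, and `pfctl -t ssh_block -T show` lists what is currently blocked.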