Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 21 Aug 2012 14:21:46 -0400
From:      J David <j.david.lists@gmail.com>
To:        Daniel Hartmeier <daniel@benzedrine.cx>
Cc:        freebsd-pf@freebsd.org
Subject:   Re: Fighting DDOS attacks with pf
Message-ID:  <CABXB=RSRuUMDCz_xm-ajb0X-TsmO_LfZaMt91KgdCAw5=2vEnA@mail.gmail.com>
In-Reply-To: <20120821082444.GC31376@insomnia.benzedrine.cx>
References:  <CABXB=RQZx1m05gVNh4x3zc7sovGA8ZpzyaZeq_Gd1QHS0n7r1g@mail.gmail.com> <CAFpgnrPdzWWF9gu4zkPvE-6aWt0UX%2BMrZm2=WYsbJo9eQff5DA@mail.gmail.com> <CABXB=RQhNbrObkY9x5FepkU8j=Sw%2BNJ92cqgTNw09Rh-yvFJPA@mail.gmail.com> <20120821082444.GC31376@insomnia.benzedrine.cx>

next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Aug 21, 2012 at 4:24 AM, Daniel Hartmeier <daniel@benzedrine.cx> wrote:
> Why not use synproxy state?

synproxy state does not help us limit simultaneous connections to a
particular destination IP, which is all we are trying to accomplish,
for a very large number of destination IPs.

Thanks.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CABXB=RSRuUMDCz_xm-ajb0X-TsmO_LfZaMt91KgdCAw5=2vEnA>