From owner-freebsd-pf@FreeBSD.ORG  Tue Aug 21 18:21:47 2012
Return-Path: <owner-freebsd-pf@FreeBSD.ORG>
Delivered-To: freebsd-pf@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id C8C5F106566B
	for <freebsd-pf@freebsd.org>; Tue, 21 Aug 2012 18:21:47 +0000 (UTC)
	(envelope-from jdavidlists@gmail.com)
Received: from mail-vb0-f54.google.com (mail-vb0-f54.google.com
	[209.85.212.54])
	by mx1.freebsd.org (Postfix) with ESMTP id 740EB8FC0A
	for <freebsd-pf@freebsd.org>; Tue, 21 Aug 2012 18:21:47 +0000 (UTC)
Received: by vbmv11 with SMTP id v11so153403vbm.13
	for <freebsd-pf@freebsd.org>; Tue, 21 Aug 2012 11:21:46 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
	h=mime-version:sender:in-reply-to:references:date
	:x-google-sender-auth:message-id:subject:from:to:cc:content-type;
	bh=fTxKSMvp/ywlolSsN3Il8qQRVjokJzhgcWRB98hy/PI=;
	b=L5Jkiv9o+GoS9INaVE0HJn/QA6WBHyxRx7zg/n7cpcBDHzAiZiv+ShI7pY6Nnal0Mh
	FLwjWkV2FstWr42J2GTTUhmY7FCSbnnarmsh+A/qr55lXQgqPnuzNFrU26CBqadoAwM2
	xASDgyLSf11Shtr/XBw6jHqZj+Pm1OZ1YoatI1pqC0kNTtMqHRw3kUAtepWiuW9AIk+2
	qdC0+DQVTSwEg3XtZRWI1TRBqA020eEBGWiDei2vmOexucbE5SDEZ0jiPJEMQwDmC3Ec
	dQ6sRnkI1Ujefi84Yvk9bqOhFtduBkGpnBDRyN0Y/Gk3Zo00VlDwcgXZUDjpu6RC7POS
	GVrA==
MIME-Version: 1.0
Received: by 10.52.37.233 with SMTP id b9mr11980084vdk.107.1345573306719; Tue,
	21 Aug 2012 11:21:46 -0700 (PDT)
Sender: jdavidlists@gmail.com
Received: by 10.59.7.163 with HTTP; Tue, 21 Aug 2012 11:21:46 -0700 (PDT)
In-Reply-To: <20120821082444.GC31376@insomnia.benzedrine.cx>
References: <CABXB=RQZx1m05gVNh4x3zc7sovGA8ZpzyaZeq_Gd1QHS0n7r1g@mail.gmail.com>
	<CAFpgnrPdzWWF9gu4zkPvE-6aWt0UX+MrZm2=WYsbJo9eQff5DA@mail.gmail.com>
	<CABXB=RQhNbrObkY9x5FepkU8j=Sw+NJ92cqgTNw09Rh-yvFJPA@mail.gmail.com>
	<20120821082444.GC31376@insomnia.benzedrine.cx>
Date: Tue, 21 Aug 2012 14:21:46 -0400
X-Google-Sender-Auth: YDo8gfAlfpQOhu2MsxrtmH1buyg
Message-ID: <CABXB=RSRuUMDCz_xm-ajb0X-TsmO_LfZaMt91KgdCAw5=2vEnA@mail.gmail.com>
From: J David <j.david.lists@gmail.com>
To: Daniel Hartmeier <daniel@benzedrine.cx>
Content-Type: text/plain; charset=ISO-8859-1
Cc: freebsd-pf@freebsd.org
Subject: Re: Fighting DDOS attacks with pf
X-BeenThere: freebsd-pf@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Technical discussion and general questions about packet filter
	\(pf\)" <freebsd-pf.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-Post: <mailto:freebsd-pf@freebsd.org>
List-Help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>,
	<mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 21 Aug 2012 18:21:47 -0000

On Tue, Aug 21, 2012 at 4:24 AM, Daniel Hartmeier <daniel@benzedrine.cx> wrote:
> Why not use synproxy state?

synproxy state does not help us limit simultaneous connections to a
particular destination IP, which is all we are trying to accomplish,
for a very large number of destination IPs.

Thanks.