From owner-freebsd-pf@FreeBSD.ORG Sun Nov 9 21:07:10 2008 Return-Path: Delivered-To: freebsd-pf@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D316D1065688 for ; Sun, 9 Nov 2008 21:07:10 +0000 (UTC) (envelope-from ddesimone@verio.net) Received: from relay1-bcrtfl2.verio.net (relay1-bcrtfl2.verio.net [131.103.218.142]) by mx1.freebsd.org (Postfix) with ESMTP id A52D48FC1C for ; Sun, 9 Nov 2008 21:07:10 +0000 (UTC) (envelope-from ddesimone@verio.net) Received: from iad-wprd-xchw01.corp.verio.net (iad-wprd-xchw01.corp.verio.net [198.87.7.164]) by relay1-bcrtfl2.verio.net (Postfix) with ESMTP id DD700B0380CF; Sun, 9 Nov 2008 16:07:09 -0500 (EST) thread-index: AclCryEITltmD7q7TYCgrbnlonTFJw== Received: from limbo.int.dllstx01.us.it.verio.net ([10.10.10.11]) by iad-wprd-xchw01.corp.verio.net with Microsoft SMTPSVC(6.0.3790.1830); Sun, 9 Nov 2008 16:07:09 -0500 Received: by limbo.int.dllstx01.us.it.verio.net (Postfix, from userid 1000) id 11D058E29E; Sun, 9 Nov 2008 15:07:09 -0600 (CST) Date: Sun, 9 Nov 2008 15:07:09 -0600 From: "David DeSimone" Content-Transfer-Encoding: 7bit To: "Eric Williams" Content-Class: urn:content-classes:message Importance: normal Message-ID: <20081109210708.GB8477@verio.net> Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.3168 Mail-Followup-To: Eric Williams , freebsd-pf@freebsd.org References: <1814bfe70811090137v39cd6434l49b545eb3b6eb88c@mail.gmail.com> <20081109112125.GA36707@icarus.home.lan> <1814bfe70811090544o28c29c5u185e3c0f2b8e85b4@mail.gmail.com> <20081109200659.GA8477@verio.net> <49174EEA.2040609@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Disposition: inline In-Reply-To: <49174EEA.2040609@gmail.com> Precedence: bulk User-Agent: Mutt/1.5.9i X-OriginalArrivalTime: 09 Nov 2008 21:07:09.0689 (UTC) FILETIME=[20FC5E90:01C942AF] Cc: freebsd-pf@freebsd.org Subject: Re: Blocking udp flood trafiic using pf, hints welcome X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 09 Nov 2008 21:07:10 -0000 Eric Williams wrote: > > David DeSimone wrote: > > You may want to consider adding "keep state" to your "block log" rules. > > Doesn't seem to work, it just gives "keep state on block rules doesn't > make sense" as an error. I guess what I mean is that "blog log" rules can keep state. So that they don't log every packet, just the first packet that creates the state. -- David DeSimone == Network Admin == fox@verio.net "I don't like spinach, and I'm glad I don't, because if I liked it I'd eat it, and I just hate it." -- Clarence Darrow This email message is intended for the use of the person to whom it has been sent, and may contain information that is confidential or legally protected. If you are not the intended recipient or have received this message in error, you are not authorized to copy, distribute, or otherwise use this message or its attachments. Please notify the sender immediately by return e-mail and permanently delete this message and any attachments. Verio, Inc. makes no warranty that this email is error or virus free. Thank you.