From: Eric Williams
Date: Sun, 09 Nov 2008 14:58:18 -0600
To: David DeSimone
Cc: freebsd-pf@freebsd.org
Subject: Re: Blocking udp flood trafiic using pf, hints welcome

David DeSimone wrote:
> You may want to consider adding "keep state" to your "block log" rules.
> If you keep state on the blocked packets, only the first packet that is
> blocked will get logged; the others will be blocked statefully without
> consulting the rulebase, which may save some processing time.
>
> Note that "keep state" is only implicit on "pass" rules, you must add it
> on "block" rules

Doesn't seem to work, it just gives "keep state on block rules doesn't make sense" as an error.