Date: Mon, 15 May 2006 08:24:06 +0400
From: GreenX FreeBSD <freebsd@azimut-tour.ru>
To: freebsd-pf@freebsd.org
Subject: promt solution with max-src-conn-rate
Message-ID: <44680266.2090007@azimut-tour.ru>

Hi,

I want to do the following: for the ssh port to open for a certain IP, that IP must first knock on another port. So far I have written roughly these rules:

block all
pass in quick on $int_if inet proto tcp from any to $int_if port http keep state (max-src-conn-rate 1/60, overload <sshen>)
pass quick inet proto tcp from <sshen> to $int_if port ssh

They work, but there are some things that do not suit me:

- If I change port http to any other empty port (on the http port I have a working apache), the source IP does not get into the table, though the state is created.
- It is necessary to knock two times :) since max-src-conn-rate is not allowed to be set to zero.

Has anybody been engaged in similar distortions? Or does anybody know how to solve this task in another way with PF?

Best regards,
GReenX.
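
The two observations in the message above, as an added illustration that is not part of the original e-mail and is not pf's own code. This simplified Python model assumes that pf counts a connection toward max-src-conn-rate only once the TCP three-way handshake has completed, and that a source is overloaded only when its decayed count strictly exceeds the limit; the addresses and timings are constructed.

```python
# Simplified model (an assumption, not pf source code) of how a
# "max-src-conn-rate <limit>/<seconds>, overload <table>" rule fills its table.
from dataclasses import dataclass


@dataclass
class Threshold:
    limit: int
    seconds: int
    count: float = 0.0
    last: float = 0.0

    def add(self, now: float) -> bool:
        """Record one established connection; True if the rate is exceeded."""
        elapsed = now - self.last
        if elapsed >= self.seconds:
            self.count = 0.0                              # window fully expired
        else:
            self.count -= self.count * elapsed / self.seconds  # linear decay
        self.count += 1
        self.last = now
        return self.count > self.limit                    # strictly greater


def overload_table(events, limit=1, seconds=60):
    """events: iterable of (time, src_ip, handshake_completed)."""
    table, per_src = set(), {}
    for now, src, established in events:
        if not established:
            # Nothing listens on the port: a state may exist, but the
            # handshake never completes, so the connection is not counted.
            continue
        th = per_src.setdefault(src, Threshold(limit, seconds))
        if th.add(now):
            table.add(src)
    return table


# Constructed sample traffic (documentation addresses, times in seconds).
SAMPLE = [
    (0, "192.0.2.10", True), (10, "192.0.2.10", True),    # two knocks, open port
    (0, "192.0.2.20", True),                              # single knock
    (0, "192.0.2.30", False), (5, "192.0.2.30", False),   # knocks on an empty port
    (0, "192.0.2.40", True), (60, "192.0.2.40", True),    # second knock too late
]

if __name__ == "__main__":
    print(sorted(overload_table(SAMPLE)))
```

With a limit of 1 the first connection only reaches the limit, so the model needs a second one inside the window before the source is added, and knocks on a port with no listener never count at all.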