Date:      Thu, 23 Nov 2006 21:47:23 +0300
From:      "John Smith" <almarrie@gmail.com>
To:        freebsd-pf@freebsd.org
Subject:   rate limit with pf instead of IPFW
Message-ID:  <499c70c0611231047k84747frf91def08d509cba6@mail.gmail.com>

Greetings BPF gurus!

I have this rule in IPFW

01000 allow tcp from any to me setup limit src-addr 5

This rule, as you know, doesn't allow more than 5 connections per IP to
connect to my server at the same time.

The problem with IPFW is that it doesn't allow me to set it in seconds,
so what I need to do is to prevent an IP from connecting to my server IP at
the same time in less than 3 secs.

I'm new to bpf and I don't know how to create such a rule.


The man page doesn't have enough information with a real example :(

So could someone give me an example with bpf that does the same job as IPFW
plus using rate limit by secs?

I know this rule

"limit {src-addr | src-port | dst-addr | dst-port}"

But I need to set it globally for all world IPs.

Could someone please give me a full example to set up
limit {src-addr | src-port | dst-addr | dst-port} to do what IPFW
01000 allow tcp from any to me setup limit src-addr 5 currently does?

I remain thanking you!

-J
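
A pf.conf fragment covering what the message above asks for, as an added example that is not part of the original post: pf's stateful tracking options max-src-conn and max-src-conn-rate give both the per-source connection cap and the per-second rate limit. The interface name em0, the table name <flooders> and the reading of "3 secs" as one new connection per 3 seconds are assumptions.

```conf
# Added example, not from the original message.
# Assumed: external interface em0, table name <flooders>.
ext_if = "em0"

# Sources that exceed a limit below are collected here.
table <flooders> persist

# Drop everything from sources already in the table.
block in quick on $ext_if from <flooders>

# pf counterpart of:
#   ipfw 01000 allow tcp from any to me setup limit src-addr 5
#
# flags S/SA            match only the initial SYN (ipfw "setup")
# max-src-conn 5        at most 5 simultaneous connections that have
#                       completed the TCP handshake, per source address
# max-src-conn-rate 1/3 at most 1 new connection per 3 seconds, per
#                       source address (assumed meaning of "3 secs")
# overload <flooders>   add a source that exceeds either limit to the table
# flush global          kill all existing states from that source
#
# ($ext_if) covers only the addresses on em0, whereas ipfw "me" matches
# any address configured on the host.
pass in on $ext_if proto tcp from any to ($ext_if) flags S/SA keep state \
    (max-src-conn 5, max-src-conn-rate 1/3, overload <flooders> flush global)
```

Entries stay in the table until removed; `pfctl -t flooders -T show` lists them and `pfctl -t flooders -T delete <address>` removes one.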