Re: [Fwbuilder-discussion] rate-limiting smtp traffic
From: Bill <Bi...@ex...> - 2006-05-10 03:22:17
On Mon, 8 May 2006 23:00:36 -0700
Vadim Kurland ✍ <va...@vk...> spake:

> >
> > If it creates a framework that will allow for rate limiting and stuff in
> > PF then count me in... otherwise iptables stuff is not useful to me.
>
> Could you give me some examples of pf configurations you refer to ?
>
> --vk

Hi VK!

Here are some of the good explanations and examples of Queueing/QOS under PF

http://www.openbsd.org/faq/pf/queueing.html

But the stuff I am more interested in seeing in fwbuilder is stuff like:

    pass in on $ext_if proto tcp to ($ext_if) port ssh keep state \
        (max 100, source-track rule, max-src-nodes 75, max-src-states 3)

and

    pass inet proto tcp from any to $int_if:network port $tcp_services \
        flags S/SA keep state \
        (max-src-conn 100, max-src-conn-rate 15/5, \
         overload <bruteforce> flush global)

One day I will get free time and peek in at the fwbuilder code :)

-- 
Bill Chmura
Director of Internet Technology
Explosivo ITG
Wolcott, CT

p: 860.621.8693
e: bill@Explosivo.com
w. http://www.explosivo.com
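
The stateful tracking options from the second rule above, applied to the SMTP case in this thread's subject, as an added example that is not part of the original message or of fwbuilder's output. The interface name, server address, table name and limit of 10 connections are assumptions; the table declaration and block rule are included because overload only adds addresses to a table and does not drop traffic by itself.

```pf
# Added example pf.conf fragment; macro values below are assumptions.
ext_if   = "em0"            # assumed external interface name
mail_srv = "192.0.2.25"     # constructed address from the documentation range

# Table that 'overload' fills. 'persist' keeps it in place while it is empty.
table <smtp_abuse> persist

# The overload table has no effect until a rule acts on it.
block in quick on $ext_if from <smtp_abuse>

# Per source address: at most 10 simultaneous established connections and
# at most 15 new connections in any 5 seconds (max-src-conn-rate 15/5).
# A source that exceeds either limit is added to <smtp_abuse>, and
# 'flush global' kills all of its existing states, not only those
# created by this rule.
pass in on $ext_if inet proto tcp from any to $mail_srv port smtp \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 15/5, \
     overload <smtp_abuse> flush global)
```

These limits count connections that completed the TCP handshake, so a spoofed source address cannot be used to push a legitimate sender into the table.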