Ken Gunderson wrote:
Hello:
I've been using pf a long while now - since before it featured
tables. Out of habit I mostly define things using lists, and reserve
tables for really large things like spamd, bogons, and things that I
need to change/update on the fly. More recently I'm wondering
Daniel wrote:
I originally wrote them as chapters for a book, but then publication
was cancelled. Luckily, the rights could be salvaged,
and now you get to enjoy them as undeadly.org exclusives. In celebration
of the upcoming OpenBSD 4.0 http://www.openbsd.org/orders.html
release. ;)
*
Daniel Hartmeier wrote:
A creative use of 'max-src-conn' and 'overload table' could possibly
provide what you want. See pf.conf(5) for details.
As trigger, you use a source-tracking rule on the internal interface.
When a LAN host triggers the rule limit, its (un-NATed) source address
will be
Hi,
In your rule you have:
rdr on $IntIF inet proto tcp from any to 80.17.9.12 port 5280 -> 192.168.11.3
port 5280
Instead of $IntIF you should have $ExtIF, no?
Because your rule says:
pass in quick on $ExtIF inet proto tcp from any to any port 5280 keep state
Regards
According to Samuel Penn
Stuart Henderson wrote:
On 2008/01/22 12:07, Arnaud Feix wrote:
Hi,
In your rule you have:
rdr on $IntIF inet proto tcp from any to 80.17.9.12 port 5280 -> 192.168.11.3
port 5280
Instead of $IntIF you should have $ExtIF, no?
Because your rule says:
pass in quick on $ExtIF inet proto