On Wednesday, 26.07.2006, 18:38 -0700, krt wrote:
> You can do a connection limit on a rule with a specific proto/port, i.e. 
> simultaneous client connection limit/max state entries per host/max new 
> connections per second.
Yes, I know that already. Take a look at the created rulebase and you'll
notice that every attempt to connect to any service from the blocked IP
address (blocked because of the connection limit) will be blocked by
pfSense. What I suggested was to block only connection attempts to the
service that caused the blocking (just like netfilter does), not to all
services or to every host behind pfSense. Bill has implemented
tables, so this might be a reasonable way to go.

BR,
  PIT


---------------------------------------------------------------------------
 copyleft(c) by |           /*  * Buddy system. Hairy. You really aren't
 Peter Allgeyer |   _-_     expected to understand this  *  */   --
                | 0(o_o)0   From /usr/src/linux/mm/page_alloc.c
---------------oOO--(_)--OOo-----------------------------------------------
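The difference PIT is describing, written out as a pf ruleset. This is an added example for this archive page, not pfSense's generated rulebase and not code posted in the thread; the interface name, address and table name are made up for illustration. The first block rule is the global form (any overloaded source loses access to everything behind the firewall); the second is scoped to the service whose rule carried the limit, which is the behaviour PIT asks for.

```pf
# Constructed pf.conf fragment (hypothetical names: em0, 192.0.2.10, <web_abusers>).
ext_if  = "em0"
web_srv = "192.0.2.10"

# Table that collects sources which tripped the connection limit.
table <web_abusers> persist

# Global variant: an overloaded source is cut off from every service and
# every host behind the firewall.
# block in quick on $ext_if from <web_abusers> to any

# Service-scoped variant: only the rule that protects the limited service
# consults the table, so the source keeps access to everything else.
block in quick on $ext_if proto tcp from <web_abusers> to $web_srv port 80

# The limit itself: at most 100 concurrent states per source, at most 15 new
# connections per 5 seconds per source; offenders go into <web_abusers>.
# "flush" (without "global") tears down only the states this rule created
# for the offending source, so its other sessions survive.
pass in on $ext_if proto tcp to $web_srv port 80 \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, overload <web_abusers> flush)
```

Entries added by `overload` stay in the table until removed; a periodic `pfctl -t web_abusers -T expire 3600` (one hour, chosen here as an example) ages them out so that a shared or dynamic address is not blocked indefinitely. Note that the scoped variant does not limit what the source may do against other services; each service that needs protection gets its own limit and its own table reference.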