On 5/18/07, Abdullah Ibn Hamad Al-Marri <[EMAIL PROTECTED]> wrote:
Thank you for the tip.Here what I'm using which fixed the issue. pass in on $ext_if proto tcp from any to $ext_if port $tcp_services flags S/SA synproxy state pass in on $ext_if proto tcp from any to $ext_if port $tcp_services \ flags S/SA keep state \ (max-src-conn 30, max-src-conn-rate 30/3, \ overload <bruteforce> flush global) pass out proto tcp to any keep state Comments?
The first rule won't match anything (same criteria as second rule, and last match wins with pf). On the third rule, use 'flags S/SA' unless you have a good reason not to. Kian _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-pf To unsubscribe, send any mail to "[EMAIL PROTECTED]"
