Hello,

I am trying to rate-limit/control access to a port across multiple virtual IPs
or aliases using max-src-conn and max-src-conn-rate. The problem arises when an
attacker floods connections to the same port across many IPs listening on the
same port. Is it possible to tell PF to treat connections to the same port across
multiple IPs assigned to the same NIC as one instance of max-src-conn-rate? In
other words, I want connections made to port XX on x.x.x.1, x.x.x.2, etc. to
count toward the same counter using max-src-conn-rate and max-src-conn. By
default, each IP tracks its own counter, and this defeats the purpose of my rate
limiting for a port. I couldn't find this in the manual. It is hard to imagine
this is a very unique setup.

Thanks,
Simon 
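The following pf.conf fragment is an added example for the situation described above; it is not from the original post or from any reply. It assumes the interface is em0, the service port is 22, and the virtual IPs are the constructed addresses 203.0.113.1 to 203.0.113.3. The mechanism it relies on is an assumption to verify on your own box: a single rule whose destination is a table carries one source-tracking entry per client address for every address in the table, whereas a brace list such as { 203.0.113.1, 203.0.113.2 } is expanded by pfctl into one rule per address, each with its own max-src-conn and max-src-conn-rate counters.

```pf
# Added example, not from the original post. Assumes em0, port 22 and the
# constructed VIPs 203.0.113.1-3. Assumption under test: one rule with a
# table destination shares a single per-source counter across all VIPs,
# while a { a, b, c } list would be expanded into three rules with three
# independent counters.

table <vips> const { 203.0.113.1, 203.0.113.2, 203.0.113.3 }
table <bruteforce> persist

# Block already-overloaded sources before the pass rule is evaluated.
block in quick on em0 from <bruteforce>

# One rule, so one source-tracking entry per client for every VIP:
# at most 10 established connections, and at most 5 new ones per 30 s.
pass in on em0 proto tcp from any to <vips> port 22 \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, \
     overload <bruteforce> flush global)
```

After loading, `pfctl -sr` shows whether the pass rule appears once (table) or several times (expanded list), and `pfctl -s sources` shows the per-source counters so you can confirm that connections to different VIPs from one client land on the same entry. Entries added to <bruteforce> by the overload clause can be aged out with `pfctl -t bruteforce -T expire 3600` from cron, which keeps the block temporary rather than permanent.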


_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-pf
To unsubscribe, send any mail to "[email protected]"