Hi guys,

On 11/18/2010 02:55 PM Javier Marcon Servilink Web Hosting wrote:
> Hello, setting simultaneous client connection limit allows you to restrict
> the number of parallel connections to a server per client IP address or
> client address block? When the limit is reached, it filters all the new
> connections from that IP or it blocks all connections from that IP, or it
> blocks all connections that match the rule?

I'd just like to get back to this. I'm running pfSense 2.0-RELEASE and at
the end of the rule set of the WAN interface I've placed the following rule,
which is supposed to limit incoming connections to a maximum of 5
per second.
<rule>
    <id/>
    <type>pass</type>
    <interface>wan</interface>
    <tag/>
    <tagged/>
    <max/>
    <max-src-nodes/>
    <max-src-conn/>
    <max-src-states/>
    <statetimeout/>
    <statetype>keep state</statetype>
    <os/>
    <max-src-conn-rate>1</max-src-conn-rate>
    <max-src-conn-rates>5</max-src-conn-rates>
    <protocol>tcp</protocol>
    <source>
        <any/>
    </source>
    <destination>
        <any/>
        <port>22</port>
    </destination>
    <descr><![CDATA[ssh inbound]]></descr>
</rule>
So opening a single connection to port 22 works just fine. But additional
ones are being dropped. Is this the desired behaviour when limiting
simultaneous connections, or is it a limitation?
Thx
- Jan
