On 2020-08-06 13:46, Alan McKay wrote:
So I want to implement rate limiting, and to determine a reasonable rate based on current traffic patterns I'd like to be able to figure out which source IPs are generating the most connections and at what rate. Is there a way to do that?
There is likely a better way to do it, but a quick and dirty method to check for number of states for an IP address would be something like:
$ doas pfctl -s state | grep -Fc "192.0.2.4" or if you wanted to check for the number of tcp or udp states specifically: $ doas pfctl -s state | grep "^all tcp" | grep -Fc "192.0.2.4" Regards, Jordan
