Hi,

Quoting Dom De Vitto <[EMAIL PROTECTED]>:

> Does anyone know/have a way to throttle (delay or drop) on:
> 
> a) Number of active connections matching a particular rule.
> b) Limit the number of connections from a single host.
> b) Bandwidth of 'any' individual client being greater than some value.

For a), from 'man pf.conf':

All three of keep state, modulate state and synproxy state support the following
options:

     max _number_
           Limits the number of concurrent states the rule may create.  When
           this limit is reached, further packets matching the rule that would
           create state are dropped, until existing states time out.

Example:

pass in proto tcp from any to any port www flags S/SA keep state (max 100)

A++ Foxy

-- 
Laurent Cheylus <[EMAIL PROTECTED]> OpenPGP ID 0x5B766EC2
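
Added example, not part of the original message: a pf.conf fragment that combines the per-rule `max` limit from point a) with a per-source connection limit for point b). It assumes a pf release whose pf.conf(5) documents the source-tracking state options; the table name and all numeric limits are constructed for illustration.

```conf
# Constructed example: <flooders> and every limit below are assumptions.
table <flooders> persist

# Sources that exceeded their per-host limits stay blocked until
# removed from the table (e.g. pfctl -t flooders -T expire <seconds>).
block in quick from <flooders>

# a) max 100: the rule creates at most 100 concurrent states in total;
#    further state-creating packets are dropped until states time out.
# b) max-src-conn 10: at most 10 established TCP connections per source.
#    max-src-conn-rate 15/5: at most 15 new connections per 5 seconds
#    per source. Offenders are added to <flooders> and their existing
#    states are flushed.
pass in proto tcp from any to any port www flags S/SA \
    keep state (max 100, source-track rule, \
    max-src-conn 10, max-src-conn-rate 15/5, \
    overload <flooders> flush global)
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it, and watch the per-rule state counters with `pfctl -vsr` to see how close the rule runs to its limit.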
