On Thu, Apr 16, 2009 at 12:36:20PM +0200, Peter N. M. Hansteen wrote:
> hu st <[email protected]> writes:
> > So could pf limit the maximum number of simultaneous state entries
> > that a single source IP's source port can create with a rule?
> > (borrow from man pf.conf :))
>
> max-src-states? (see STATEFUL TRACKING OPTIONS in man 5 pf.conf)

FWIW, I've successfully toned down the bittorrent traffic flowing through my dormitory's gateway by using max-src-states to allow X simultaneous connections per source to known ports such as ftp, ssh, smtp, domain, http, pop3, auth, ntp, imap, https, submission, imaps, pop3s, messenger, irc, etc. and Y (where Y < X) simultaneous connections per source to all other ports.
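A pf.conf fragment sketching the two-tier limit described in the message above. It is an added example, not the poster's actual ruleset. The interface name, the shortened port lists and the values 100 (X) and 20 (Y) are assumptions chosen for illustration.

```conf
# Assumed names and values: em1 is the LAN-facing interface,
# X = 100 and Y = 20. None of these come from the original message.
int_if    = "em1"
tcp_known = "{ ftp, ssh, smtp, domain, www, pop3, auth, imap, https, \
              submission, imaps, pop3s, irc }"
udp_known = "{ domain, ntp }"

block in on $int_if

# pf evaluates rules top to bottom and the LAST matching rule wins,
# so the catch-all rule with the tighter limit (Y) comes first.
# source-track rule: only states created by this rule count toward
# its per-source limit.
pass in on $int_if inet proto { tcp, udp } from $int_if:network to any \
    keep state (source-track rule, max-src-states 20)

# Connections to well-known service ports match these later rules
# instead and get the looser limit (X). Each rule keeps its own
# counter, so a source may hold up to X states per rule.
pass in on $int_if inet proto tcp from $int_if:network to any \
    port $tcp_known keep state (source-track rule, max-src-states 100)
pass in on $int_if inet proto udp from $int_if:network to any \
    port $udp_known keep state (source-track rule, max-src-states 100)
```

Per-source state counts can be inspected with `pfctl -s Sources` while tuning the two limits.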
