Ok. I just tested the situation a few times:
1. Set a limit on the pfSense router.
2. Do something in the mentioned software to exactly break the limit on one host; then the host is unable to reach the pfSense router or the outside, while everything is OK in the reverse direction.
3. Exit that software.
4. Keep pinging the router on the punished host to see if the punishment ends automatically and, if it does, how long it lasts.

It seems that the punished host regains access to the pfSense router in about an hour and a half. I tried to set the 'state timeout in seconds' in advanced options to 1800 (half an hour) and found that the punishment period didn't change at all. I can't find any other settings about this timeout in the webConfigurator or /cf/conf/config.xml. Should I edit /etc/pf.conf directly? The file seems like a template with all lines commented. Also, there isn't any default value near 90 minutes.

On Fri, Apr 18, 2008 at 11:08 PM, Ermal Luçi <[EMAIL PROTECTED]> wrote:
>
> On Fri, Apr 18, 2008 at 9:53 AM, Yin Gang <[EMAIL PROTECTED]> wrote:
> > Hi,
> >
> > I've been using pfSense 1.2 as my company's internet sharing router
> > for a few days.
> >
> > Yesterday I set a threshold value for the "maximum new connections /
> > per second" on the default LAN rule. I also set some other advanced
> > options, mainly to reduce the impact of some P2P download software.
> > Today one guy came to me and said his computer can't reach the internet
> > anymore. After some digging, I found that:
> >
> > He has software on his computer which can emit many connections
> > all of a sudden (which exceeded my setting by quite a lot), and after
> > that his computer fails to access the internet. At this time, the
> > pfSense router can ping his computer quite well, while the latter can't
> > ping the router. Finally his computer can access the router or the
> > internet again after changing its IP address or restarting the router.
> > That's not a good solution for sure ;-)
> >
> > Because the problem can be repeated exactly, I guess that maybe the
> > router has banned the computer's IP address because of that software on
> > it. I think there may be somewhere in the webConfigurator to handle
> > these banning things. But I failed to find any related function
> > page.
> >
> > Then I cleared the 'maximum new connections per second' setting and
> > the problem is just gone, whatever the guy uses that software.
> >
> > Of course, I could just increase the threshold value or even tell the guy
> > not to use that software.
> >
> > But I still wonder if there is any way for me to view all these banned IP
> > addresses? Is there any way for me to de-ban them? How long would
> > the banning period be?
> >
>
> There is no banning; it is just doing what you told it to do: limit the
> number of concurrent connections on a configured time basis.
> If you still want to keep that setting, read the pf manual here to
> configure just that machine's IP to be more tolerant and be more
> aggressive on the time its TCP connections can live on the rule.
>
> Ermal
>
> > I'm not a BSD expert and just use Unix/Linux once in a while. Any help
> > would be appreciated.
> >
> > --
> > Best Regards,
> > Yin Gang
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
>

--
Best Regards,
Yin Gang
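What the thread is describing is pf's `max-src-conn-rate` state option with an `overload` table: a source that opens more new connections than the rate allows is added to a table, its existing states are flushed, and a `block` rule on that table keeps it out until the entry is removed again. Two practical points follow from that, and they are the ones to check on the box rather than in the mail: pf itself never ages table entries (the per-rule state timeout only affects state entries, not the table), so an address stays listed until `pfctl` or a scheduled job removes it, which is worth looking for in the firewall's crontab; and pfSense regenerates its ruleset from config.xml into /tmp/rules.debug and loads it with `pfctl -f`, so editing /etc/pf.conf by hand changes nothing. The fragment below is an added example written for this note, not rules from the thread or from pfSense itself; the interface name, addresses, table name and the specific rates are assumptions. It shows the general shape of a rate-limited LAN rule, the per-host exception Ermal suggests (more tolerant rate, shorter TCP established lifetime), and the `pfctl` commands for listing and releasing limited hosts.

```pf
# Added example, not from the thread or from pfSense's generated ruleset.
# Interface, networks, host address, table name and rates are assumptions.
lan_if     = "em1"
lan_net    = "192.168.1.0/24"
noisy_host = "192.168.1.50"   # assumed address of the workstation running the P2P client

# Sources that exceed a connection-rate limit are put in this table.
# pf never removes table entries by itself: an address stays here until
# pfctl (or a scheduled expiretable-style job) deletes it, which is why a
# per-rule state timeout has no effect on how long a host stays blocked.
table <virusprot> persist

# Drop everything from an overloaded source. 'quick' stops evaluation, so
# none of the pass rules below can re-admit a listed host.
block in quick on $lan_if from <virusprot> to any

# Default LAN rule: at most 15 new connections per 5 seconds per source
# address; exceeding that adds the source to <virusprot> and flushes all
# of its existing states ('flush global').
pass in on $lan_if from $lan_net to any \
    keep state (max-src-conn-rate 15/5, overload <virusprot> flush global)

# Exception for the noisy host: a more tolerant rate, but a shorter
# lifetime for established TCP states (1800 s instead of pf's 24 h default)
# so its many connections do not pile up in the state table. pf applies the
# last matching rule, so this one overrides the LAN rule for that address.
pass in on $lan_if from $noisy_host to any \
    keep state (max-src-conn-rate 100/5, overload <virusprot> flush global, \
                tcp.established 1800)

# Inspecting and lifting the limit by hand (as root on the firewall):
#   pfctl -t virusprot -T show                  # addresses currently blocked
#   pfctl -t virusprot -T delete 192.168.1.50   # release one host
#   pfctl -t virusprot -T flush                 # release every host
#   pfctl -s rules -v | grep -A2 max-src        # confirm the limits actually loaded
```

The `-T show` command answers the "how can I view the banned addresses" question directly, and `-T delete` is the "de-ban" knob. On pfSense the table and block rule are generated for you when the "maximum new connections / per second" option is set, so only the exception rule needs to be expressed through the web interface (a separate rule for that host placed after the general LAN rule, with its own rate and state timeout); the block-until-removed behaviour is inherent to the overload table and is not something the per-rule timeout changes.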
