Hi,
if you have FBSD 6.x, you can use
A separate set of restrictions can be placed on stateful TCP connections that
have completed the 3-way handshake.
max-src-conn number
Limit the maximum number of simultaneous TCP connections which have
completed the 3-way handshake that a single host can make.
max-src-conn-rate number / interval
Limit the rate of new connections to a certain amount per time interval.
http://www.openbsd.org/faq/pf/filter.html#stateopts
or alternatively man pf.conf
search for max-src-conn
for the given IP you create a pass rule with the appropriate limit
if the number of connections exceeds the limit, it should drop the rest
guli
Bc. Radek Krejca wrote:
> Greetings,
>
> I need to limit the number of connections per "user" that I let
> through the router. It is a FreeBSD server with PF, which among other
> things handles NAT. I need to eliminate users who are, for example,
> infected with viruses, or who have various p2p gadgets and manage to
> generate, say, 30 thousand connections on the NAT. Is there something
> for this in pf, or is it some sysctl value? I know how to limit the
> number of "states" in pf for the whole of pf, but how do I limit it
> generally for each user / IP?
>
--
FreeBSD mailing list ([email protected])
http://www.freebsd.cz/listserv/listinfo/users-l
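
A pf.conf sketch of the per-source limits discussed in this thread, as an added example that is not part of the original messages. The interface names, the network, the table name `<abusers>` and all numeric limits are assumed values; it also goes slightly beyond the reply by using `max-src-states` for non-TCP traffic, since `max-src-conn` only counts TCP connections that completed the handshake.

```pf
# Added example: all names and limits below are assumptions, adjust to the site.
ext_if  = "em0"               # assumed external (Internet) interface
int_if  = "em1"               # assumed internal (LAN) interface
lan_net = "192.168.0.0/24"    # assumed client network behind NAT

# Sources that exceeded the TCP limits end up here.
table <abusers> persist

nat on $ext_if from $lan_net to any -> ($ext_if)

# Drop everything from hosts that were moved to the overload table.
block in quick on $int_if from <abusers>

# TCP: limit established connections and the rate of new ones per source IP.
# A host over either limit is added to <abusers> and its states are flushed.
# The rule sits on the internal interface because on $ext_if the traffic has
# already been translated and every client shows the same source address.
pass in on $int_if inet proto tcp from $lan_net to any flags S/SA keep state \
    (max-src-conn 300, max-src-conn-rate 100/10, overload <abusers> flush global)

# UDP and ICMP have no handshake, so cap the number of states per source IP.
pass in on $int_if inet proto { udp, icmp } from $lan_net to any keep state \
    (source-track rule, max-src-states 200)

pass out on $ext_if keep state
```

The current contents of the overload table can be listed with `pfctl -t abusers -T show`, and a single address removed again with `pfctl -t abusers -T delete <address>`.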