Re: pf and rate limiting without ALTQ
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: pf and rate limiting without ALTQ
- From: Henning Brauer <lists-openbsd_(_at_)_bsws_(_dot_)_de>
- Date: Thu, 25 Jul 2002 14:32:53 +0200
- Mail-followup-to: misc_(_at_)_openbsd_(_dot_)_org
On Thu, Jul 25, 2002 at 02:28:48PM +0200, Alexandre Dulaunoy wrote:
> On Thu, 25 Jul 2002, Gordon Grieder wrote:
> > On Thu, Jul 25, 2002 at 11:00:35AM +0200, Alexandre Dulaunoy wrote:
> > > Can you generate a RST or an ICMP response when the rate is reached
> > > with ALTQ? The usage and the purpose are not the same.
> > Assuming you mean control traffic, ALTQ can be configured to reserve
> > a certain percent (or bytes) of bandwidth for this.
> I mean to reject connections when a specific number of currently
> established connections is reached.
okay. -current pf can do that, even given the intention of "keep state (max
x)" was a different one. Still, this does belong in the daemon and not the
> no more connections accepted. Is it more a matter for a packet filter,
> queueing or other (userspace daemon)?
that'd be a matter for sshd itself.
Unix is very simple, but it takes a genius to understand the simplicity.