
Urgent: how to limit connection counts with PF

Date: 2011-07-20

Source: the Internet

Step 1: set up a table of suspected brute-force attackers; any host whose total connections exceed the configured value, or whose connection burst rate within the time window exceeds the configured value, is treated as a suspect
table <bad_ip> persist

Step 2: set the handling rule for suspected brute-force hosts
block quick from <bad_ip>

Step 3: set the connection limits
pass in on $int_if inet proto {tcp,udp} from any to any keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <bad_ip> flush)

It doesn't work at all.
After checking: isn't there a large number of connections?
IP:192.168.0.250 Connections:123
IP:192.168.0.31 Connections:155
IP:192.168.0.38 Connections:134
IP:192.168.0.39 Connections:157
IP:192.168.0.48 Connections:112
IP:192.168.0.54 Connections:180
IP:192.168.0.55 Connections:150
IP:192.168.0.56 Connections:332
IP:192.168.0.60 Connections:201
IP:192.168.0.63 Connections:425
IP:192.168.0.65 Connections:343
IP:192.168.0.68 Connections:108
IP:192.168.0.82 Connections:325
IP:192.168.0.85 Connections:187
IP:192.168.0.89 Connections:216
IP:192.168.0.95 Connections:106
IP:192.168.0.97 Connections:272
IP:192.168.0.99 Connections:137

Author: sjfff99   Posted: 2011-07-20

Later modified to:
table <work_ip> {192.168.0.0/24,!192.168.0.1}

block in quick from <bad_ip>

pass in quick on $int_if inet proto tcp from <work_ip> to any keep state (max-src-conn 200, max-src-conn-rate 50/5, overload <bad_ip> flush)

With this, web pages cannot be opened at all. Does anyone know how to solve it?

Author: sjfff99   Posted: 2011-07-20
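An added pf.conf fragment, not the poster's ruleset, showing the three steps from the first post and the `<work_ip>` restriction from the second combined in one ordered block. It assumes `$int_if` is defined earlier and that the rest of the ruleset is not known. Two PF behaviours matter for both problems in the thread: max-src-conn and max-src-conn-rate count completed TCP handshakes on states created by the rule that carries them, so if another pass rule ends up matching the traffic (without `quick`, the last matching rule wins) the overload never fires; and a pass rule restricted to `proto tcp` passes no UDP, so DNS from the clients needs its own pass rule or name resolution, and with it web browsing, fails.

```pf
# Added example (not the poster's configuration); $int_if is assumed to be
# defined earlier in the file.
table <bad_ip> persist
table <work_ip> { 192.168.0.0/24, !192.168.0.1 }

# Order matters: the block for the overload table comes before the pass rule
# that feeds it, and "quick" stops evaluation at the first match.
block in quick on $int_if from <bad_ip>

# max-src-conn / max-src-conn-rate count completed TCP handshakes per source
# address for states created by this rule, so they belong on a TCP-only rule.
# flags S/SA creates state only on the initial SYN. "flush global" drops
# every state from an overloaded source, not just those from this rule.
pass in quick on $int_if inet proto tcp from <work_ip> to any flags S/SA keep state \
    (max-src-conn 200, max-src-conn-rate 50/5, overload <bad_ip> flush global)

# UDP (DNS in particular) needs its own pass rule; the connection limits above
# do not apply to it.
pass in quick on $int_if inet proto udp from <work_ip> to any keep state
```

To see whether the limits are being hit, `pfctl -t bad_ip -T show` lists the addresses the overload option has added, `pfctl -s rules -v` shows per-rule evaluation and state counters (a pass rule with zero states created is not the one matching the traffic), and `pfctl -t bad_ip -T delete <address>` releases a host once the cause is understood.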
