pf 'overload' support?
Hi there :)
just a quick question as I stumbled upon it on an OpenBSD PF setup: Is the "overload" directive of pf included in the FreeBSD port of pf as well?
https://www.freebsd.org/doc/de/books/handbook/firewalls-pf.html (188.8.131.52) would indicate it is?
It's just mentioned for SSH usage but could be useful for a wider variety of services (e.g. mail is also mentioned) and putting those IPs that kill the defined rate limit into an automatic blocking alias/table would surely be a nice addition to the ruleset functionality (and reminds a bit of the easyrule thing).
Yes. If you define Max src conn Rate on a firewall rule, then if a client goes over those limits it's added to a special internal table that blocks additional connections from them. That uses the overload keyword.
Ah the virusprot table? Hmm, would be nice to separate them into customizable tables but good to know! :)