Hello ,
I have a problem with ipfw , i need to add some ip addresses to Table 2 dynamically if they exceeds the 450packets per seconds to single destination.
Our freebsd box located as this :
Router ------- FreBSD ------ Switch ------ Servers.
It is just working as WAF / IDS / IPS .
there are 2 problems
1. I do not need to block an ip address depending on bandwith , because bandwith is meaningless on firewall boxes.Most important thing is PPS . Is there any way to trace /32 sources depending on pps ?
2. If it exceeds this traffic should i add the ip to address table auto ?
I have a problem with ipfw , i need to add some ip addresses to Table 2 dynamically if they exceeds the 450packets per seconds to single destination.
Our freebsd box located as this :
Router ------- FreBSD ------ Switch ------ Servers.
It is just working as WAF / IDS / IPS .
there are 2 problems
1. I do not need to block an ip address depending on bandwith , because bandwith is meaningless on firewall boxes.Most important thing is PPS . Is there any way to trace /32 sources depending on pps ?
2. If it exceeds this traffic should i add the ip to address table auto ?