table <german> persist file "/etc/german"
block in quick proto { tcp udp } from ! <german> to any port { 27015, 3306, 1337 }
pass out
table <german> persist file "/etc/german"
block in quick proto { tcp udp } from ! <german> to any port { 27015, 3306, 1337 }
queue port { 27015 } bandwidth 25Kb
pass out
IgorGlock said:
And how can I block incoming packets from a DDoS (or DoS)? Not SSH attacks; I mean, if some CrazyMonkey wants to break my gameserver... if he sends too many packets, how can I block them?
                     A                    B
 -------------             ------------             ------------
 | Malicious |------------>| Your ISP |------------>| Your Box |
 |   User    |             ------------             ------------
 -------------
Ruler2112 said:
The only way that I am aware of to stop your link from being saturated by a user from the internet is to contact your ISP and have THEM stop routing traffic from certain IP(s) to your box, therefore having the packets never travel over link B. This will most likely break functionality for many sites/services, plus will almost certainly be a billable request for your ISP (if they're willing to do it at all).
Note that queueing is only useful for packets in the outbound direction. Once a packet arrives on an interface in the inbound direction it's already too late to queue it -- it's already consumed network bandwidth to get to the interface that just received it. The only solution is to enable queueing on the adjacent router or, if the host that received the packet is acting as a router, to enable queueing on the internal interface where packets exit the router.
# expire idle and half-open states quickly so a flood cannot fill the state table
set optimization aggressive
ext_if = "em0"
# synproxy: pf completes the TCP handshake itself, so the server never sees a
# half-open connection; max-src-conn 5 caps concurrent connections per source IP
pass in on $ext_if proto tcp from any to any port \
    synproxy state (source-track rule, max-src-conn 5, if-bound)
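A complete pf.conf tying the pieces of this thread together, added here as an illustration and not posted by anyone in the thread: the whitelist table and admin ports from the first rules, synproxy plus per-source limits on the game port, an overload table that automatically blocks a source exceeding the connection rate, and an ALTQ queue placed on the internal interface, which is the only place queueing helps, as the reply above explains. The interface names em0/em1, the <bruteforce> table, the 10Mb internal link, the rate values, and the layout (game server behind this box on the internal interface, not on the box itself) are assumptions; 27015, 3306, 1337 and /etc/german come from the thread.

```pf
# Added example pf.conf (not from the thread). Assumed layout:
#   internet -> em0 [this box] em1 -> game server
# em0/em1, <bruteforce>, the 10Mb link and the rate values are assumptions;
# the ports and /etc/german are taken from the earlier posts.
ext_if      = "em0"
int_if      = "em1"
game_port   = "27015"
admin_ports = "{ 3306, 1337 }"

table <german> persist file "/etc/german"   # trusted admin addresses
table <bruteforce> persist                   # filled automatically by overload

set optimization aggressive   # expire idle/half-open states fast under a flood
set skip on lo0

# Queueing only acts on packets LEAVING an interface, so shape on $int_if,
# not on $ext_if: by the time a flood reaches em0 the uplink is already used.
altq on $int_if cbq bandwidth 10Mb queue { q_game, q_default }
queue q_game    bandwidth 25Kb priority 2 cbq
queue q_default bandwidth 9Mb  cbq(default)

# Admin ports only from the whitelist; anything the overload table caught is dropped.
block in quick on $ext_if proto { tcp udp } from ! <german> to any port $admin_ports
block in quick on $ext_if from <bruteforce>

# Game port open to everyone, but:
#  - synproxy: pf finishes the 3-way handshake before the server sees the client,
#    so SYN floods never create half-open connections on the game server
#  - max-src-conn 5: at most 5 concurrent TCP connections per source address
#  - max-src-conn-rate 15/5: more than 15 new connections in 5 s from one source
#    puts it in <bruteforce> and kills its existing states (flush global)
pass in on $ext_if proto tcp from any to any port $game_port \
    synproxy state (source-track rule, max-src-conn 5, \
    max-src-conn-rate 15/5, overload <bruteforce> flush global)
# UDP has no handshake to proxy; cap state entries per source instead.
pass in on $ext_if proto udp from any to any port $game_port \
    keep state (source-track rule, max-src-states 20)

pass out   # default: allow outbound traffic
# last matching rule wins, so this more specific rule assigns the queue
pass out on $int_if proto { tcp udp } to any port $game_port queue q_game
```

On FreeBSD the altq/queue lines need a kernel built with ALTQ and ALTQ_CBQ; check the file with pfctl -nf /etc/pf.conf before loading it, inspect what the overload rule has caught with pfctl -t bruteforce -T show, and watch the queues with pfctl -s queue. None of this stops a flood from filling link B in the diagram above; it only keeps the game server from collapsing under what does arrive.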