IPFW stateful session timeouts

Hello everyone,


We've been using pf for many years here and are very happy with it.

However, we're currently investigating ipfw:
1/ for the sake of it
2/ to build a couple of machines with much larger scalability (for which I have a couple of ideas in mind, like port-mirroring for post-mortem DDoS analysis)


I've written a small ruleset, adapting my pf rules to ipfw.
I've read through ipfw's man page and found the sysctls used to set stateful session timeouts.

I cannot seem to find, however, a way to set per-rule timeouts as is possible with pf:
Code:
pass in quick on $vlan13 inet proto tcp \
from any to <ssl_servers> port 443 keep state \
(tcp.opening 20, max 15000, source-track rule, max-src-conn-rate 150/1 overload <blackhole> flush)

Would someone kindly point me in the right direction, if that is possible at all?
 