[OmniOS-discuss] IPFILTER Rate Limiting
Brad Stone
bstone at aspirinsoftware.com
Tue Apr 25 22:04:45 UTC 2017
flowadm could give lower priority to a particular diffserv, but can't limit
to a specific number.
ipf supports a limit option, but not the max-per-src option which could be
helpful to prevent DoS attacks.
On Tue, Apr 25, 2017 at 11:39 AM, Dan McDonald <danmcd at omniti.com> wrote:
> Sorry, I didn't read deeply enough. flowadm(1M) doesn't use establishment
> as a flow limiter. I do wonder, though, if you couldn't use ipfilter to
> label inbound SYN packets with a distinct diffserv number which flowadm CAN
> use for limiting?
>
> Dan
>
> Sent from my iPhone (typos, autocorrect, and all)
>
> > On Apr 25, 2017, at 1:52 PM, Brad Stone <bstone at aspirinsoftware.com>
> wrote:
> >
> > I could be wrong, but I think flowadm can control only the priority and
> max bandwidth for the traffic, not
> > the connection rate.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omniosce.org/ml-archive/attachments/20170425/ade310f9/attachment-0001.html>
More information about the OmniOS-discuss
mailing list