 From:  "Chris Buechler" <cbuechler at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Latest virus kills m0n0wall
 Date:  Mon, 13 Aug 2007 21:36:53 -0400
On 8/13/07, Alex Neuman van der Hans <alex at nkpanama dot com> wrote:
> This sounds like a pretty sound argument not only for hotels but several
> other types of installations. One thing I'd like to know is... does
> pfSense have some form of a "limit connections" rule per-ip or per-port?

Yes. pf offers a lot more capabilities in this area than ipf,
including simultaneous client connection limit, max state entries per
host, max new connections per second, and individual state timeout,
all on a per-rule basis. All of which are in the pfSense GUI. So you
have a LOT of flexibility with pfSense that m0n0wall can't offer
because ipf doesn't support those things. So it could stop this from
ever becoming an issue.

It'll still generate support calls since the worm will take up all the
states that host is allowed and it's likely nothing else will work for
that machine, but it won't affect anybody else which is the important
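
Added illustration, not part of the original message and not pfSense's generated ruleset: per-rule limits of the kind named in the reply, written in raw pf.conf syntax. The interface name, network and every numeric value are assumptions chosen for the example.

```conf
# Constructed example. $int_if, $lan_net and all numbers are assumed values.
int_if  = "em1"
lan_net = "192.168.1.0/24"

# Without limits: one infected client can create states until the
# firewall-wide state table is full, and every other user is affected.
# pass in on $int_if from $lan_net to any keep state

# With per-rule, per-source limits (TCP):
#   max-src-states    cap on state entries a single source address may hold
#   max-src-conn      cap on simultaneous established TCP connections per source
#   max-src-conn-rate cap on new TCP connections per source (30 per 5 seconds)
#   tcp.established   state timeout for this rule only, in seconds
pass in on $int_if proto tcp from $lan_net to any flags S/SA keep state \
    (max-src-states 200, max-src-conn 100, max-src-conn-rate 30/5, \
     tcp.established 3600)

# UDP has no handshake, so only the state-entry cap and timeouts apply.
pass in on $int_if proto udp from $lan_net to any keep state \
    (max-src-states 100, udp.multiple 30)
```

Once a source reaches its cap, new states for that address are refused while other clients keep their own allowance, which is the behaviour the reply describes. `pfctl -nf <file>` parses a ruleset without loading it.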