author | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-12-04 07:58:53 +0000 |
---|---|---|
committer | Ryan Thomas McBride <mcbride@cvs.openbsd.org> | 2004-12-04 07:58:53 +0000 |
commit | 6e2983ee29b875f74747069a65acc24526df1ad5 (patch) | |
tree | 09f397b8e05541bae0974d2ea6a1149d1339a7f6 /usr.sbin | |
parent | 9c0396be58b3f3da3d725d94639fa5c35aa98e44 (diff) |

Userland support for limiting open tcp connections per source. e.g.:

keep state (max-src-conn 1000, max-src-conn-rate 100/10, overflow <bad> flush)

allow a maximum of 1000 open connections or 100 new connections in 10 seconds.
The addresses of offenders are added to the <bad> table which can be used in
the ruleset, and existing states from that host are flushed.

ok deraadt@ dhartmei@

Diffstat (limited to 'usr.sbin')
0 files changed, 0 insertions, 0 deletions
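
How the option line from the commit message might sit in a ruleset, as an added example that is not part of the commit or of the OpenBSD tree. The `egress` interface group, the `www` port and the `persist` flag are assumptions; the limits and the table name are the ones quoted in the message.

```conf
# Constructed pf.conf fragment (not from the commit). Assumptions: the
# "egress" interface group and the www service; limits are the commit's.

# Table that collects offending source addresses. "persist" keeps the
# table even when no rule refers to it.
table <bad> persist

# Drop everything from addresses already in the table. "quick" stops
# rule evaluation here, so the pass rule below cannot match them.
block in quick from <bad>

# Without limits: one source may hold any number of states.
# pass in on egress proto tcp to port www keep state

# With limits: at most 1000 open connections per source, or 100 new
# connections in 10 seconds. A source that exceeds either is added to
# <bad> and its existing states are flushed, as the commit message says.
pass in on egress proto tcp to port www \
    keep state (max-src-conn 1000, max-src-conn-rate 100/10, \
    overflow <bad> flush)

# Checks from the shell:
#   pfctl -nf /etc/pf.conf       # parse the ruleset without loading it
#   pfctl -t bad -T show         # list addresses currently in <bad>
#   pfctl -s Sources             # show per-source tracking entries
#   pfctl -t bad -T delete ADDR  # remove one address (ADDR is a placeholder)
```

Per pf.conf(5), these limits count only TCP connections that have completed the three-way handshake. Nothing in this fragment removes addresses from `<bad>`, so the table needs a review or cleanup routine.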