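# TCP connection tracking

# <bad> collects sources that exceed the limits below; "persist" keeps the
# table even when no rule references it.
table <bad> persist

# Default deny; sources already in <bad> are dropped without further evaluation.
block all
block quick from <bad>

pass out proto tcp flags S/SA keep state
pass out proto { icmp, udp } keep state

# SSH: per-source limits on established connections (max-src-conn) and on
# new connections per interval (max-src-conn-rate 3/99 = 3 per 99 seconds).
pass in on lo1000001 proto tcp to 10.0.0.1 port 22 flags S/SA \
    keep state (max-src-conn 10, max-src-conn-rate 3/99)

pass in on lo1000001 proto tcp to 10.0.0.2 port 22 flags S/SA keep state \
    (max-src-conn 10)

pass in on lo1000001 proto tcp to 10.0.0.3 port 22 flags S/SA keep state \
    (max-src-conn-rate 3/99)

# Port 80: a source that exceeds a limit is added to <bad>, and "flush"
# kills the states this rule created for it.
pass in on lo1000000 proto tcp to 10.0.0.1 port 80 flags S/SA modulate state \
    (max-src-conn 100, max-src-conn-rate 10/5, overload <bad> flush)

# Port 8080: "flush global" kills all states from the offending source,
# whichever rule created them.
pass in on lo1000000 proto tcp to 10.0.0.1 port 8080 flags S/SA synproxy state \
    (max-src-conn 1000, max-src-conn-rate 1000/5, overload <bad> \
    flush global)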