I have read a lot of documentation online and still don't really understand it. Our main web server keeps getting attacked by a lot of people, apparently a DDoS. The server has a single NIC and the PF module is already loaded. I have written a few simple rules, but they feel wrong: the syntax is fine, yet they have no effect. Hope everyone can help!

Current /etc/pf.conf:
```
ext_if="bge0"
web="{127.0.0.1}"   # loopback address: packets arriving on bge0 carry the interface's own
                    # IP as destination, never 127.0.0.1, so rules using $web never match
ports="{80}"        # (poster's note: not sure this port is right; it is supposedly
                    # restricted, but I can still log in over SSH)
### block this IP if connections from it exceed the allowed limit ###
table <abusive_hosts> persist
block in quick on $ext_if inet proto tcp from <abusive_hosts> to $web port 80
pass in quick on $ext_if proto tcp from any to $web port 80 flags S/SA keep \
    state (max-src-conn 100, max-src-conn-rate 3/1, max-src-states 5 overload \
    <abusive_hosts> flush)
```

Limit concurrent connections per IP.
Statistics from `pfctl -si`:

```
www# pfctl -si
No ALTQ support in kernel
ALTQ related functions disabled
Status: Enabled for 0 days 00:19:27           Debug: Urgent

State Table                        Total             Rate
  current entries                      0
  searches                        128597          110.2/s
  inserts                              0            0.0/s
  removals                            15            0.0/s
Counters
  match                           128597          110.2/s
  bad-offset                           0            0.0/s
  fragment                             0            0.0/s
  short                                0            0.0/s
  normalize                            0            0.0/s
  memory                               0            0.0/s
  bad-timestamp                        0            0.0/s
  congestion                           0            0.0/s
  ip-option                            0            0.0/s
  proto-cksum                          1            0.0/s
  state-mismatch                       0            0.0/s
  state-insert                         0            0.0/s
  state-limit                          0            0.0/s
  src-limit                            0            0.0/s
  synproxy                             0            0.0/s
```
Please help. What I need is simple: only expose port 80 to the outside (I don't know whether the MySQL port also needs to be open), with no restrictions internally. But I have only one NIC, so I'm not sure it's doable. All that's required is that the web pages are reachable from both the internet and the LAN.
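The ruleset above has no effect because `$web` is 127.0.0.1: packets arriving on bge0 are addressed to the interface's own IP, so the web rule never matches and no state is ever created (hence `current entries 0` and `inserts 0`), and since there is no default deny, everything is passed anyway, which is also why SSH still works. Below is a corrected ruleset, added here as an example and not the poster's or any project's configuration; it assumes bge0 from the post, writes the server address as `($ext_if)`, assumes SSH on port 22, and the limit values are chosen for illustration.

```pf
# Added example (not the poster's configuration): a minimal pf.conf for a
# single-NIC FreeBSD web server that exposes only TCP/80 externally and
# puts abusive sources into a table. Assumptions: the interface is bge0
# (from the post), the server's own address is written as ($ext_if) rather
# than 127.0.0.1, and SSH administration is allowed on port 22.
ext_if = "bge0"
web_ports = "{ 80 }"

table <abusive_hosts> persist

# Loopback is never filtered, so a MySQL listening on 127.0.0.1 needs no
# rule; with the default deny below it is simply unreachable from outside.
set skip on lo0

# Default: deny inbound (logged), allow outbound with state.
block in log on $ext_if
pass out quick on $ext_if keep state

# Sources already in the table are dropped before the web rule is reached.
block in quick on $ext_if proto tcp from <abusive_hosts> to ($ext_if) port $web_ports

# Administrative SSH stays reachable once the default deny is in place.
pass in quick on $ext_if proto tcp from any to ($ext_if) port 22 flags S/SA keep state

# Web traffic (LAN and internet both arrive on bge0, so one rule covers both):
# create state on the SYN, let pf complete the handshake with synproxy so
# half-open floods never reach the web server, and overload a source that
# opens more than 100 concurrent connections, more than 15 new connections
# in 5 seconds, or holds more than 100 states; its existing states are
# flushed. The limits are deliberately looser than 3/1, which bans a
# normal browser fetching a page with several embedded objects.
pass in quick on $ext_if proto tcp from any to ($ext_if) port $web_ports \
    flags S/SA synproxy state \
    (max-src-conn 100, max-src-conn-rate 15/5, max-src-states 100, \
     overload <abusive_hosts> flush global)
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`; afterwards `pfctl -si` should show non-zero `inserts` and `current entries`, `pfctl -ss` lists the live states, and `pfctl -t abusive_hosts -T show` lists the sources that hit the limits.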