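My system is FreeBSD 6.1 running Apache, with the pf firewall. Over the past couple of days I have noticed that the server responds very slowly, even though its overall load is low and network traffic is light. On checking, I found that the number of dynamic rules in the pf firewall is very large: the result of pfctl -sa|grep SYN|wc -l has reached more than 20000. Could the experts here please help me analyze this: is my firewall under attack?
Here are my firewall rules: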
ext_if="xl0"
ext_addr="服务器IP"
set timeout { interval 10, frag 30 }
set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
set timeout { udp.first 60, udp.single 30, udp.multiple 60 }
set timeout { icmp.first 20, icmp.error 10 }
set timeout { other.first 60, other.single 30, other.multiple 60 }
set timeout { adaptive.start 0, adaptive.end 0 }
set limit { states 30000, frags 15000 }
set loginterface none
set block-policy drop
set require-order yes
scrub in on $ext_if
block in on $ext_if
block in quick on $ext_if from $ext_addr to $ext_addr
block in quick on $ext_if from <private_ip> to $ext_addr
block in quick on $ext_if from <block_ip> to $ext_addr
pass in quick on $ext_if proto tcp from any to $ext_addr port 80 flags S/SA keep state (source-track rule, max-src-conn 100, max-src-conn-rate 30/1, src.track 1)
pass out quick on $ext_if proto tcp from $ext_addr to any flags S/SA keep state
pass out quick on $ext_if proto udp from $ext_addr to any keep state
pass out quick on $ext_if proto icmp from $ext_addr to any keep state