Use the static command to limit the number of embryonic connections allowed to the server to protect internal hosts against DoS attacks. Use the em_limit argument to limit the number of embryonic or half-open connections that the server or servers to be protected can handle. A value of zero disables protection. When the embryonic connection limit value is exceeded, all connections are proxied.

Use the nat command to protect external hosts against DoS attacks and to limit the number of embryonic connections from the external host. Use the em_limit argument to limit the number of embryonic or half-open connections that the server or servers to be protected can handle.

Use the udp udp_max_conns field to set the maximum number of simultaneous UDP connections the local_ip hosts are each allowed to use. Idle connections are closed after the time that is specified by the timeout connection command.

In both the nat and static statements, the udp_max_conns field is applicable even when the TCP max_conns limit is not set, by using the keyword udp. This allows the two limits to be configured independently of each other.
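
The following audit script is an added example, not part of the original documentation: it reads static and nat statements and reports where the embryonic limit is zero or absent and where no UDP limit is set. It assumes the trailing fields take the form "[tcp] max_conns [em_limit] [udp udp_max_conns]", that addresses and masks are written in dotted form, and that an unset limit behaves like zero; the sample configuration is constructed.

```python
# Added example: audit static/nat statements for embryonic and UDP limits.
# Assumed trailing syntax: ... [tcp] max_conns [em_limit] [udp udp_max_conns]
# Assumed: addresses/masks are dotted, so trailing bare integers are limits,
# and an unset limit is treated the same as 0 (no protection).

# Constructed sample configuration (documentation addresses, not from the page).
SAMPLE_CONFIG = """\
static (inside,outside) 203.0.113.10 10.1.1.10 netmask 255.255.255.255 tcp 500 100 udp 200
static (inside,outside) 203.0.113.11 10.1.1.11 netmask 255.255.255.255 tcp 500 0
static (inside,outside) 203.0.113.12 10.1.1.12 netmask 255.255.255.255 udp 300
nat (inside) 1 10.1.2.0 255.255.255.0 1000 250
nat (inside) 2 10.1.3.0 255.255.255.0
"""

def parse_limits(line):
    """Return (max_conns, em_limit, udp_max_conns); None means not set."""
    tokens = [t for t in line.split() if t != "norandomseq"]
    udp_max = None
    if "udp" in tokens:
        i = tokens.index("udp")
        if i + 1 < len(tokens) and tokens[i + 1].isdigit():
            udp_max = int(tokens[i + 1])
            del tokens[i:i + 2]          # drop "udp N" so it is not read as a TCP limit
    nums = []
    while tokens and tokens[-1].isdigit():  # trailing integers: max_conns [em_limit]
        nums.insert(0, int(tokens.pop()))
    max_conns = nums[0] if nums else None
    em_limit = nums[1] if len(nums) > 1 else None
    return max_conns, em_limit, udp_max

def audit(config):
    """Return [(line_no, command, [issues])] for statements lacking limits."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        line = line.strip()
        if not line.startswith(("static ", "nat ")):
            continue
        _, em_limit, udp_max = parse_limits(line)
        issues = []
        if not em_limit:                 # 0 disables protection; unset assumed the same
            issues.append("embryonic limit is 0 or unset")
        if not udp_max:
            issues.append("no UDP connection limit")
        if issues:
            findings.append((n, line.split()[0], issues))
    return findings

if __name__ == "__main__":
    for line_no, cmd, issues in audit(SAMPLE_CONFIG):
        print(f"line {line_no} ({cmd}): " + "; ".join(issues))
```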