Packet Filter Attack Mitigation

Example

# table that collects the addresses of offending hosts; persist keeps it
# even when no rule refers to it (e.g. during a ruleset reload)
table <abusive_hosts> persist
# drop everything from a listed host before any later rule is considered
block in quick from <abusive_hosts>

# $ext_if and $web_server are macros assumed to be defined earlier in pf.conf
pass in on $ext_if proto tcp to $web_server port www \
        flags S/SA keep state \
        (max-src-conn 100, max-src-conn-rate 15/5, overload <abusive_hosts> flush)

Break it down line by line

  1. `table <abusive_hosts> persist` defines a table that holds the addresses of abusive hosts. `persist` keeps the table and its contents in the kernel even when no rule references it, so the list survives a ruleset reload.
  2. `block in quick from <abusive_hosts>` drops all inbound traffic from the listed addresses. `quick` stops rule evaluation at the first match, so a listed host never reaches the `pass` rule below it.
  3. The `pass` rule admits inbound TCP on the external interface to the web server's port 80 (`www` is resolved through /etc/services).
  4. `flags S/SA keep state` is required for the rest to work: `S/SA` matches only packets with SYN set and ACK clear, i.e. the first packet of a new TCP connection, so exactly one state entry is created per connection, and `keep state` is what makes the `max-src-conn`, `max-src-conn-rate` and `overload` options available, since they are state-tracking options and only apply to rules that create state. OpenBSD 4.1 and later make both the default for TCP rules, but writing them out is harmless and makes the rule portable to older PF versions.
  5. The options in parentheses do the limiting, counted per source address: `max-src-conn 100` caps one source at 100 simultaneous connections that have completed the three-way handshake, and `max-src-conn-rate 15/5` caps it at 15 new connections within any 5-second window (not 15 per second). A source that exceeds either limit is added to `<abusive_hosts>` by `overload`, and `flush` additionally kills the states this rule already created for that source, so its existing connections are cut as well as new ones being blocked (`flush global` would kill all of its states regardless of rule). Two caveats: nothing in the rule ever removes an address from the table, so offenders stay blocked until removed by hand or expired with `pfctl -t abusive_hosts -T expire`, and many users behind one NAT address share a single counter and can be blocked together.
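Because the ruleset never removes anything from `<abusive_hosts>`, it is normally paired with some table housekeeping. The script below is an added example, not part of the original page: it wraps the `pfctl` table commands for the `abusive_hosts` table from the ruleset above. It assumes an OpenBSD or FreeBSD host with `pfctl` in the PATH; the `PFCTL` variable is a convenience of this example (set it to `echo` for a dry run), not a `pfctl` feature.

```shell
#!/bin/sh
# Added example (not from the original page): housekeeping for the
# <abusive_hosts> overload table built by the ruleset above.
# Assumes pfctl on OpenBSD/FreeBSD. PFCTL is an example-only override
# so the script can be dry-run as: PFCTL=echo ./abusive-hosts.sh expire 86400
set -eu

TABLE="abusive_hosts"
PFCTL="${PFCTL:-pfctl}"

# Parse a ruleset without loading it (-n); catches e.g. a broken
# backslash continuation before it takes the firewall down.
check_ruleset() {
    "$PFCTL" -nf "${1:-/etc/pf.conf}"
}

# List the addresses currently blocked by the overload table.
show_abusive_hosts() {
    "$PFCTL" -t "$TABLE" -T show
}

# Remove addresses that have been in the table for more than $1 seconds.
# Without this (e.g. hourly from cron), overloaded hosts stay blocked
# until someone clears the table by hand.
expire_abusive_hosts() {
    "$PFCTL" -t "$TABLE" -T expire "$1"
}

# Unblock one address: take it out of the table, then kill any states
# whose source is that address so the host does not stay half-connected.
unblock_host() {
    "$PFCTL" -t "$TABLE" -T delete "$1"
    "$PFCTL" -k "$1"
}

# Simple dispatcher so the file can be run directly; does nothing
# when called without a subcommand.
case "${1:-}" in
    check)   check_ruleset "${2:-/etc/pf.conf}" ;;
    show)    show_abusive_hosts ;;
    expire)  expire_abusive_hosts "${2:-86400}" ;;
    unblock) unblock_host "$2" ;;
    *)       ;;
esac
```

A typical crontab entry is `0 * * * * /usr/local/sbin/abusive-hosts.sh expire 86400`, which unblocks an address one day after it was added. Adjust the window to taste: too short and a persistent scanner is let back in every hour, too long and a NAT gateway full of legitimate users stays locked out.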