27th February 2009
gen2ly (New User; Join Date: Feb 2009; Posts: 2)

pf: Does pf have the ability to src-track created/established connections?

I'm having a bit of trouble with my firewall: an attacker has been able to spoof my address and is attacking my LAN computer. I have antispoof rules in my pf.conf, but they have gotten around them. So I'm thinking that if I can't stop them, at least I can limit them. I have stateful tracking options on ssh and apache, but the attacker is using an already established connection (like that created by a web browser [<my.ip.address>:54535]) and doing unicode point attacks. My stateful tracking options are:

Code:
WAN_STO="(max 5, source-track rule, max-src-states 5, max-src-conn 10, max-src-nodes 10, max-src-conn-rate 5/30, overload <blockedip> flush global)"
Is there a way to apply these to all connections?
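pf has no global setting for these options: they are attached to individual rules and are evaluated when a rule creates a state (the first SYN of a TCP connection), so a state that already exists is not re-checked until it is torn down. The way to cover "all connections" is therefore to carry the macro on a small number of broad pass rules instead of one rule per service. Below is an added pf.conf example illustrating that; it is not gen2ly's configuration. The interface name em0, the LAN prefix 192.168.1.0/24, the service ports and the limit values are assumptions. Two caveats worth knowing before copying it: `max` caps the total number of states a rule may hold, so a value of 5 on a catch-all rule would let only five connections through in total, and `max-src-conn` / `max-src-conn-rate` count only TCP connections that completed the three-way handshake; a source that cannot complete the handshake never reaches those counters and is only subject to `max-src-states`.

```pf
# Assumed values: adjust the interface, LAN prefix and ports to the real network.
ext_if  = "em0"
lan_net = "192.168.1.0/24"

# Addresses that trip the limits are pushed here by 'overload'; persist keeps
# the table across rule reloads (pfctl -f) so an attacker is not released early.
table <blockedip> persist

# Shared state options, expanded textually wherever $WAN_STO appears.
#   max 10000            total states this rule may hold (per rule; keep it large on a catch-all)
#   source-track rule    per-source counters kept separately for each rule using the macro
#                        ('source-track global' would share one per-source counter across rules)
#   max-src-states 50    simultaneous states per source, any protocol
#   max-src-conn 20      simultaneous TCP connections per source that completed the handshake
#   max-src-conn-rate 15/30  at most 15 new completed TCP connections per 30 seconds per source
#   overload <blockedip> flush global
#                        add the offender to the table and kill every state it holds,
#                        from every rule, not only the one that tripped the limit
WAN_STO = "(max 10000, source-track rule, max-src-states 50, max-src-conn 20, max-src-conn-rate 15/30, overload <blockedip> flush global)"

set skip on lo0
scrub in all

# Spoofing: drop packets whose source address belongs to one of our own networks
# but arrives on the wrong interface, and anything failing the unicast RPF check.
antispoof quick for $ext_if
block in quick from urpf-failed label "urpf-failed"

# Overloaded sources are dropped before any pass rule can match them.
block in quick on $ext_if from <blockedip>

block in log all
pass out quick keep state

# One inbound rule per destination carries the options for every service,
# instead of a separate copy of the macro on each ssh/apache rule.
pass in on $ext_if proto tcp to $ext_if port { 22, 80, 443 } flags S/SA keep state $WAN_STO
pass in on $ext_if proto tcp to $lan_net flags S/SA keep state $WAN_STO

# UDP and ICMP have no handshake, so only max-src-states and overload apply to them.
pass in on $ext_if proto udp to $ext_if port 53 keep state $WAN_STO
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading. `pfctl -s states` shows the tracked states and `pfctl -t blockedip -T show` lists the sources the overload rule has added; `pfctl -s info` reports the current source-node and state counts against the limits set with `set limit`.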