7th January 2010
There0
./dev/null
 
Join Date: Jul 2008
Posts: 170

I use the following in my pf.conf. I do NOT use port 22; it saves mucho scans and logging of dropped packets.


Code:
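# Service port used instead of 22
TCP_SVCS = "{ 32009 }"

# Sources that trip the overload limits in the pass rule are added to this table
table <bruteforce> persist

block drop log quick from { <bruteforce>, <noroute> }

# $EXT and $INT are interface macros that must be defined earlier in pf.conf;
# ip.addr.allowed is a placeholder for the permitted source address
pass in log quick on { $EXT, $INT } inet proto tcp from ip.addr.allowed to { $EXT } port $TCP_SVCS flags S/SA modulate state (max-src-conn 10, max-src-conn-rate 3/10, overload <bruteforce> flush global)

http://www.openbsd.org/faq/pf/index.html <- general howto for PF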
http://johan.fredin.info/openbsd/blo...ruteforce.html
http://openbsd-wiki.org/index.php?title=PF_Examples
__________________
The more you learn, the more you realize how little you know ....

Last edited by J65nko; 10th January 2010 at 07:24 PM. Reason: Added [code] tags ;)
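To see which sources the limits in the rule above (max-src-conn 10, max-src-conn-rate 3/10) would push into <bruteforce>, here is an added example that is not part of the original post. It uses a simplified sliding-window model, which is an assumption and not pf's own accounting, and the function name and the sample events are constructed for illustration.

```python
from collections import defaultdict, deque

MAX_SRC_CONN = 10               # max-src-conn 10
RATE_CONNS, RATE_SECS = 3, 10   # max-src-conn-rate 3/10

def simulate_overload(events):
    """events: (seconds, source_ip, "open" | "close") tuples.
    Returns {ip: (time, limit_tripped)} for sources that would be
    overloaded into <bruteforce>. Sliding-window approximation only."""
    recent = defaultdict(deque)   # ip -> times of recent new connections
    active = defaultdict(int)     # ip -> currently open connections
    banned = {}
    for ts, ip, kind in sorted(events):
        if ip in banned:
            continue              # dropped by the "block drop log quick" rule
        if kind == "close":
            active[ip] = max(0, active[ip] - 1)
            continue
        window = recent[ip]
        while window and ts - window[0] >= RATE_SECS:
            window.popleft()      # forget opens older than the rate window
        window.append(ts)
        active[ip] += 1
        if len(window) > RATE_CONNS:
            banned[ip] = (ts, "max-src-conn-rate")
        elif active[ip] > MAX_SRC_CONN:
            banned[ip] = (ts, "max-src-conn")
        if ip in banned:
            active[ip] = 0        # "flush global" kills the source's states
    return banned

# Constructed sample: a fast scanner, a normal interactive user, and a
# legitimate batch job that opens several sessions back to back.
SAMPLE = (
    [(t, "203.0.113.7", "open") for t in (0, 1, 2, 3, 4)]
    + [(0, "198.51.100.20", "open"), (5, "198.51.100.20", "close"),
       (6, "198.51.100.20", "open"), (20, "198.51.100.20", "close")]
    + [(t, "192.0.2.10", "open") for t in (100, 101, 102, 103)]
)

if __name__ == "__main__":
    for ip, (ts, why) in simulate_overload(SAMPLE).items():
        print(f"{ip} overloaded at t={ts}s by {why}")
```

The batch job at 192.0.2.10 is banned just like the scanner, so scripted clients that open sessions in quick succession need a separate pass rule or looser limits.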