As I'm discovering my way through pf while reading the book "The Book of PF", I have some questions and need a little help. First of all, I want to be able to configure pf to stop brute-force attacks. So, let's go to pf.conf as the book gives in the example.
First I have to create a table with
Code:
table <bruteforce> persist file "/etc/bruteforce"
This is gonna create a table (<bruteforce>) and create the logs in the file /etc/bruteforce, as far as I can understand.
After that, we're creating the rule
Code:
block quick from <bruteforce>
This is checking if the IP is logged in the <bruteforce> table and denies the chance to try to log in, correct?
What I don't understand, is the following:
Code:
pass inet proto tcp to $localnet port $tcp_services \
    keep state (max-src-conn 100, max-src-conn-rate 15/5, \
    overload <bruteforce> flush global)
- why use the 'inet' parameter and not 'in'?
- in the case I want to transfer files from outside the local network (for example, I'll say 150 small text files. Not a chance, but for the sake of the question), must I configure the max-conn-rate, or does every file count as a new connection (and therefore I have to modify the max-src-conn)?
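
A simplified model of the limits in the pass rule above, as an added example that is not part of the original post or of the book. It treats `max-src-conn-rate 15/5` as a sliding five-second window per source, which approximates pf's accounting rather than reproducing it; the function names, addresses and timings are constructed for illustration.

```python
from collections import defaultdict, deque

def simulate(events, max_src_conn=100, rate=(15, 5)):
    """Return {src: ms_when_overloaded} for (time_ms, src, kind) events.

    kind is "open" (TCP handshake completed) or "close".
    Assumption: a plain sliding window stands in for pf's rate tracking.
    """
    limit, window_ms = rate[0], rate[1] * 1000
    active = defaultdict(int)      # concurrent connections per source
    recent = defaultdict(deque)    # timestamps of recent opens per source
    bruteforce = {}                # stands in for the <bruteforce> table
    for t, src, kind in sorted(events):
        if src in bruteforce:
            continue               # block quick from <bruteforce>
        if kind == "close":
            active[src] = max(0, active[src] - 1)
            continue
        active[src] += 1
        opens = recent[src]
        opens.append(t)
        while opens[0] <= t - window_ms:
            opens.popleft()        # forget opens older than the window
        if active[src] > max_src_conn or len(opens) > limit:
            bruteforce[src] = t    # overload <bruteforce>
            active[src] = 0        # flush global: drop the source's states
    return bruteforce

def sample_events():
    """Constructed traffic from four documentation-range sources."""
    ev = []
    for i in range(150):
        # .5: 150 files, one new connection per file, ten per second
        ev += [(i * 100, "203.0.113.5", "open"),
               (i * 100 + 50, "203.0.113.5", "close")]
        # .7: 150 files, one new connection per file, one per second
        ev += [(i * 1000, "203.0.113.7", "open"),
               (i * 1000 + 500, "203.0.113.7", "close")]
    # .6: all 150 files sent over a single long-lived connection
    ev.append((0, "203.0.113.6", "open"))
    # .8: slow opens that are never closed, so concurrency keeps growing
    ev += [(i * 1000, "203.0.113.8", "open") for i in range(120)]
    return ev

if __name__ == "__main__":
    for src, t in sorted(simulate(sample_events()).items()):
        print(f"{src} added to <bruteforce> at {t} ms")
```

In this model the per-file client is cut off at its sixteenth connection, the single-connection and one-per-second clients are never listed, and the client that never closes its connections is listed when it opens connection number 101.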