Old 7th January 2010
There0
Join Date: Jul 2008
Posts: 170

I use the following in my pf.conf. I do NOT use port 22; it saves mucho scans and logging of dropped packets.

TCP_SVCS = "{ 32009 }"

table <bruteforce> persist

block drop log quick from { <bruteforce>, <noroute> }

pass in log quick on { $EXT, $INT } inet proto tcp from ip.addr.allowed to { $EXT } port $TCP_SVCS flags S/SA modulate state (max-src-conn 10, max-src-conn-rate 3/10, overload <bruteforce> flush global)

<- general howto for PF
The more you learn, the more you realize how little you know ....

Last edited by J65nko; 10th January 2010 at 07:24 PM. Reason: Added [code][/code] tags ;)
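
Added example, not part of the original post: a simplified sliding-window model of the max-src-conn-rate 3/10 limit in the rule above, useful for checking a threshold against your own connection logs before loading it. It is not pf's own accounting; the sample events, the documentation-range addresses and the function name are constructed for illustration.

```python
from collections import defaultdict, deque

MAX_CONN = 3   # from "max-src-conn-rate 3/10": new connections allowed...
WINDOW = 10    # ...per this many seconds, per source address

# Constructed sample: (seconds since start, source address) for each new
# TCP connection to the service port. Addresses are documentation ranges.
SAMPLE = [
    (0, "198.51.100.7"), (1, "198.51.100.7"), (2, "198.51.100.7"),
    (3, "198.51.100.7"),   # 4th new connection inside 10 s: over the limit
    (4, "198.51.100.7"),   # source is already in the table by now
    (0, "203.0.113.20"), (6, "203.0.113.20"), (12, "203.0.113.20"),
    (18, "203.0.113.20"),  # steady client, never more than 3 in any 10 s
]


def overloaded_sources(events, limit=MAX_CONN, window=WINDOW):
    """Return {source: time it would be added to <bruteforce>}.

    Assumption: the limit is modelled as "more than `limit` new connections
    within the last `window` seconds", a sliding-window approximation.
    """
    recent = defaultdict(deque)   # per-source timestamps inside the window
    blocked = {}
    for ts, src in sorted(events):
        if src in blocked:
            # "block drop log quick from <bruteforce>" sits above the pass
            # rule, so later packets from this source never reach it.
            continue
        q = recent[src]
        while q and ts - q[0] >= window:
            q.popleft()           # forget connections older than the window
        q.append(ts)
        if len(q) > limit:
            blocked[src] = ts     # "overload <bruteforce>" fires here
    return blocked


if __name__ == "__main__":
    for src, ts in overloaded_sources(SAMPLE).items():
        print(f"{src} would be added to <bruteforce> at t={ts}s")
```
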