9th January 2010
There0
Join Date: Jul 2008
Posts: 170

I just tried adding something similar to what you are trying to accomplish to my firewall ruleset; it seems that creating the table, then blocking the table, works fine. The rule to drop the traffic to port 22 and add that to a table was where I am stuck as well.

I tried "block log quick on $EXT from any to port 22" with success, but could not seem to add anything after that (I tried "(max-src-conn 1, max-src-conn-rate 1/3, overload <port22bad> flush global)") and load PF properly.

I am not certain if tables can be used with block rules (I don't see why not, but I found nothing on the PF FAQ or the @openbsd-pf mailing list concerning this). Perhaps a question for @openbsd-pf and the developers to answer; I will actually post, as I am also considering something like this for my PF rules, not to make anything easier and take away from your learning.
The more you learn, the more you realize how little you know ....
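For reference, here is an added pf.conf fragment (my own example, not the poster's ruleset) showing the usual way to combine a table, a block rule and the overload options the post lists. The $EXT macro and the <port22bad> table name are taken from the post; the interface name behind $EXT is an assumption. The point it illustrates: max-src-conn, max-src-conn-rate and overload are state-tracking options, so pfctl only accepts them on a rule that creates state (a pass rule with keep state), never on a block rule. The block rule then uses the table that the pass rule fills.

```pf
# Added example: PF brute-force protection for port 22 via a table.
EXT = "em0"                     # assumption: replace with your external interface

# Table that collects offending source addresses; 'persist' keeps the
# table defined even while it is empty.
table <port22bad> persist

# Drop everything from an address already in the table. 'quick' ends
# rule evaluation here, so this wins over any later pass rule.
block in log quick on $EXT from <port22bad> to any

# Admit SSH, but track connections per source address. The options in
# parentheses are state options, so they must sit on a rule that keeps
# state; a block rule creates no state and pfctl rejects them there.
# Limits are the ones from the post: 1 concurrent connection, and at
# most 1 new connection per 3 seconds, per source address.
pass in on $EXT proto tcp from any to ($EXT) port 22 \
    flags S/SA keep state \
    (max-src-conn 1, max-src-conn-rate 1/3, \
     overload <port22bad> flush global)
```

Syntax-check before loading with `pfctl -nf /etc/pf.conf`, inspect what has been caught with `pfctl -t port22bad -T show`, and age entries out periodically with `pfctl -t port22bad -T expire 86400` (entries older than one day), otherwise the table only grows. Note that with max-src-conn 1 a second simultaneous SSH session from the same address already trips the overload, so a legitimate admin host can lock itself out; a whitelist table checked by an earlier pass rule, or a higher limit, avoids that.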