View Single Post
  #3   (View Single Post)  
Old 5th May 2008
s2scott's Avatar
s2scott s2scott is offline
Package Pilot
 
Join Date: May 2008
Location: Toronto, Ontario Canada
Posts: 198
Default

/etc/pf.conf fragment...

Code:
# ----- 
pass in log quick on outside inet proto tcp \
 from !<BadSshVpn> to (outside:0) port 443 \
 tag SSHVPN flags S/SFRA keep state \ 
 queue(Q5VPN,Q7) \ 
 (max-src-conn-rate 3/120, overload <BadSshVpn> flush global) 
# 
pass in log quick on tun inet \
 from (tun:peer) to any \
 tag TUNPKTS \
 keep state 
# 
pass out log quick on inside inet \
 tagged TUNPKTS keep state 
# -----
__________________
Never argue with an idiot. They will bring you down to their level and beat you with experience.

Last edited by s2scott; 5th May 2008 at 02:54 PM.
Reply With Quote