DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 8th August 2008
ijk ijk is offline
Fdisk Soldier
 
Join Date: Jun 2008
Posts: 47
Thanked 0 Times in 0 Posts
Default pf.conf brute force rule

When I added the rule below it locked me out what is wrong with it

Code:
pass quick proto { tcp, udp } from any to any port $brute_block keep state (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)
pf.conf
Code:
# Macros: define common values, so they can be referenced and changed easily.
ext_if="rl0"
tcp_services = "{ domain, www, https, 10000 }"
udp_services = "{ domain }"
brute_block = "{ ssh, 10000 }"

# Tables
table <sshadmins> persist file "/etc/sshallow"
table <bruteforce> persist file "/etc/brufeforce"


# Set Optimizations:
set loginterface $ext_if

set skip on lo0

# Normalization / scrubbing
scrub in all

antispoof quick for { lo0 $ext_if }

block all
block quick from <bruteforce>

pass proto udp to any port $udp_services
pass proto tcp from any to self port $tcp_services
pass in on $ext_if inet proto icmp all icmp-type 8
# Allow access to sshd. 
pass in on $ext_if proto tcp from <sshadmins> to self port ssh

# brute force blocking
pass quick proto { tcp, udp } from any to any port ssh keep state (max-src-conn 50, max-src-conn-rate 8/60, overload <bruteforce> flush global)
__________________
Freebsd 7 64 bit apache2.2 php5 mysql5
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh brute force attacks sniper007 FreeBSD Security 21 12th June 2011 01:28 AM
pf: why is that rule not working? ivanatora FreeBSD General 14 11th December 2008 09:32 AM
pf.conf lumiwa FreeBSD Security 11 20th September 2008 01:01 AM
difference between rc.conf and loader.conf disappearedng FreeBSD General 5 3rd September 2008 05:54 AM
rc.conf questions starbuck FreeBSD General 2 29th July 2008 06:16 PM


All times are GMT. The time now is 05:46 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick