PF Rules for DoS
Below is a packet filter snippet from my config file:
# sources that tripped the overload below; <brute> is filled by pf itself
block drop log quick from <brute>
...
# inbound SYN on the external interface creates the state; per-source limits live here
pass in quick on $ext_if proto tcp from any to <webs> port 80 flags S/SA keep state (max-src-conn 80, max-src-conn-rate 200/2, overload <brute> flush global)
# forwarded SYN toward the web server on the internal interface
pass out quick on $int_if proto tcp from any to <webs> port 80 flags S/SA keep state
# return path (SYN/ACK) from the web server back out to the client
pass out quick on $ext_if proto tcp from <webs> port 80 to any flags SA/SA keep state
pass in quick on $int_if proto tcp from <webs> port 80 to any flags SA/SA keep state
Should the bruteforce rules be on each line, or just that first one?
If they should be on each line, should I multiply the values (80, 200/2) by 4?
Are the rates I'm using reasonable? Blocking should be on the loose side.
I'm open to any thoughts, opinions or screams on best practices.
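As an added example that is not from the original post, here is one way to lay out these rules in pf.conf, assuming the same $ext_if and $int_if macros and a constructed address for the web server. The per-source limits and the overload go only on the inbound rule that creates the state, since pf applies those options to states created by that rule, and the table is expired on a schedule so loose blocking does not become permanent.

```pf
# Tables. 'persist' keeps <brute> around even when no rule references it;
# <webs> holds the web server (constructed documentation address).
table <brute> persist
table <webs> { 192.0.2.10 }

# Offenders first: 'quick' stops evaluation, so no pass rule below applies.
block drop in log quick on $ext_if from <brute>

# One stateful rule for the client's initial SYN. The state-tracking options
# apply to states this rule creates, so they belong here and nowhere else:
#   max-src-conn 80         at most 80 concurrent states per source address
#   max-src-conn-rate 200/2 at most 200 new connections per source in 2 s
#   overload <brute>        a source exceeding either limit is added to <brute>
#   flush global            and every state it already holds is killed
pass in quick on $ext_if proto tcp from any to <webs> port 80 \
    flags S/SA keep state \
    (max-src-conn 80, max-src-conn-rate 200/2, overload <brute> flush global)

# The state above is floating (the OpenBSD default), so it also matches the
# forwarded SYN on $int_if and the SYN/ACK coming back; the SA/SA return-path
# rules are therefore never the ones creating a state.
pass out quick on $int_if proto tcp from any to <webs> port 80 \
    flags S/SA keep state

# Operational checks (run as root, outside pf.conf):
#   pfctl -t brute -T show              list currently blocked sources
#   pfctl -t brute -T expire 86400      drop entries older than one day
# A crontab line for the expire keeps blocking "on the loose side":
#   0 * * * * /sbin/pfctl -t brute -T expire 86400
```

Tune the two numbers by watching how often legitimate clients land in the table with the show command before tightening them.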