DaemonForums  

#1
11th August 2008
ijk
pf tables how long values stored

Code:
# brute force blocking
pass quick proto { tcp, udp } from any to any port ssh keep state (max-src-conn 50, max-src-conn-rate 8/60, overload <bruteforce> flush global)

In the above rule, IP addresses are stored in the bruteforce table.
If I stop pf, i.e. pfctl -d, and then enable it with pfctl -e, will all the IP addresses stored in the bruteforce table be lost? That is what happened.
__________________
Freebsd 7 64 bit apache2.2 php5 mysql5

#2
11th August 2008
BSDfan666

You should really consider... condensing your PF troubles into a single topic, outlining what your "overall goal" is.

Posting in the OpenBSD section also might be worthwhile; PF, after all, is an OpenBSD subproject.

It might also be wise to get Peter N.M. Hansteen's The Book of PF.

#3
12th August 2008
ijk

Code:
You should really consider... condensing your PF troubles into a single topic, outlining what your "overall goal" is.
I post the issues as they occur and this helps me best. But it may not be to your liking.

Code:
Posting in the OpenBSD section also might be worth while, PF after all is a OpenBSD subproject.
ok

Code:
It might also be wise to get Peter N.M. Hansteen's The Book of PF.
Have already read it, but implementing it is different. Have you read it? Most chaps who ask questions here first google for answers, then read books in the book reviews section here and visit other forums, and when answers are not found, post here.

http://www.daemonforums.org/showthread.php?t=596 also try my best to be an ideal newbie.

Why have you not answered the question?

The values in tables are stored indefinitely and that is why one uses a rule like this
Code:
pfctl -t bruteforce -T expire 86400
to expire entries.

But I did not run any such command above, and on restarting pf I lost a long list of IP addresses in the bruteforce table, thus the question. So if you have any reasonable theories [and no, there is no cron job running which could do this] I would like to know, thank you.


Far better than The Book of PF is http://www.openbsd.org/faq/pf/, simple and easy to understand.
__________________
Freebsd 7 64 bit apache2.2 php5 mysql5

Last edited by ijk; 12th August 2008 at 11:14 AM.

#4
12th August 2008
hunteronline
Pf Tables

http://www.daemonforums.org/showthread.php?t=1375
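
Added example, not part of any post in this thread: one way to keep the contents of the bruteforce table across a pf stop/start or a reboot is to dump it with pfctl -T show and load it back with pfctl -T add -f. The function names and the snapshot path /var/db/pf.bruteforce are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): snapshot and reload a pf table.
# Assumed names: pf_table_save, pf_table_restore, /var/db/pf.bruteforce.

# Dump the addresses currently held in table $1 to file $2.
# Returns 1 if pfctl fails, 2 if the table is empty. In both cases an
# existing snapshot is left untouched, so an empty table (for example
# right after a restart) can never wipe the saved list.
pf_table_save() {
    pts_table=$1; pts_file=$2; pts_tmp="$pts_file.tmp.$$"
    pts_out=$(pfctl -t "$pts_table" -T show 2>/dev/null) || return 1
    # -T show prints one address per line with leading blanks; strip them.
    printf '%s\n' "$pts_out" |
        sed -e 's/^[[:space:]]*//' -e '/^$/d' > "$pts_tmp" || return 1
    if [ ! -s "$pts_tmp" ]; then
        rm -f "$pts_tmp"
        return 2
    fi
    # Write-then-rename keeps the snapshot whole if we are interrupted.
    chmod 600 "$pts_tmp" && mv "$pts_tmp" "$pts_file"
}

# Merge the saved addresses in file $2 back into table $1.
# -T add keeps entries already in the table; returns 2 if there is
# no snapshot (or an empty one) to load.
pf_table_restore() {
    ptr_table=$1; ptr_file=$2
    [ -s "$ptr_file" ] || return 2
    pfctl -t "$ptr_table" -T add -f "$ptr_file"
}

# Command-line use: "save" or "restore", then optional table and file.
case "${1:-}" in
    save)    pf_table_save    "${2:-bruteforce}" "${3:-/var/db/pf.bruteforce}" ;;
    restore) pf_table_restore "${2:-bruteforce}" "${3:-/var/db/pf.bruteforce}" ;;
esac
```

Run the save step before stopping pf (or periodically) and the restore step after pf is enabled again; both need root.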