pf.conf brute force rule
When I added the rule below it locked me out. What is wrong with it?
Code:
pass quick proto { tcp, udp } from any to any port $brute_block keep state (max-src-conn 15, max-src-conn-rate 5/3, overload <bruteforce> flush global)

Code:
# Macros: define common values, so they can be referenced and changed easily.
ext_if="rl0"
tcp_services = "{ domain, www, https, 10000 }"
udp_services = "{ domain }"
brute_block = "{ ssh, 10000 }"

# Tables
table <sshadmins> persist file "/etc/sshallow"
table <bruteforce> persist file "/etc/brufeforce"

# Set Optimizations:
set loginterface $ext_if
set skip on lo0

# Normalization / scrubbing
scrub in all

antispoof quick for { lo0 $ext_if }

block all
block quick from <bruteforce>

pass proto udp to any port $udp_services
pass proto tcp from any to self port $tcp_services
pass in on $ext_if inet proto icmp all icmp-type 8

# Allow access to sshd.
pass in on $ext_if proto tcp from <sshadmins> to self port ssh

# brute force blocking
pass quick proto { tcp, udp } from any to any port ssh keep state (max-src-conn 50, max-src-conn-rate 8/60, overload <bruteforce> flush global)
__________________
Freebsd 7 64 bit apache2.2 php5 mysql5
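An added variant of the overload rule, not from the original post, that reuses the poster's macros and tables and shows the settings that matter: with the posted rule, any source that opens more than 5 connections to ssh or port 10000 within 3 seconds lands in <bruteforce>, "flush global" then kills every state that source holds, and the earlier "block quick from <bruteforce>" rejects it on all ports; the rule matches "from any", so the <sshadmins> hosts are subject to it as well. The thresholds below are assumptions chosen so an interactive user does not trip them.

```pf
# Added example, not from the original post. Macros and tables as in the
# posted pf.conf; the table file paths are the poster's.
ext_if="rl0"
brute_block = "{ ssh, 10000 }"
table <sshadmins> persist file "/etc/sshallow"
table <bruteforce> persist file "/etc/brufeforce"

block all
block quick from <bruteforce>

# Admin hosts win first: "quick" stops evaluation, so the rate limit
# below never sees them and cannot add them to <bruteforce>.
pass in quick on $ext_if proto tcp from <sshadmins> to self port $brute_block

# Everyone else is rate-limited. max-src-conn* options only apply to TCP,
# so the rule is TCP-only (the posted rule listed udp as well).
#   max-src-conn 15        -> at most 15 simultaneous connections per source
#   max-src-conn-rate 10/60 -> more than 10 new connections in 60 s (assumed
#                              threshold) puts the source in <bruteforce>
#   flush (not global)     -> kill only the states this rule created for
#                              that source, not every state it holds
pass in on $ext_if proto tcp from any to self port $brute_block keep state (max-src-conn 15, max-src-conn-rate 10/60, overload <bruteforce> flush)
```

`pfctl -t bruteforce -T show` lists the addresses currently in the table, and `pfctl -t bruteforce -T delete <addr>` removes one that was caught by mistake.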