DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 20th March 2011
Daffy Daffy is offline
Fdisk Soldier
 
Join Date: Jun 2010
Posts: 73
Default pf.conf and some questions about brute attacks

As I'm discovering my way through pf while reading the book "The book of PF", I have some questions and need a little help. First of all, I want to be able to configure pf to stop the brute force attacks. So, let's go to pf.conf as the book gives in the example.

First I have to create a table with
Code:
table <bruteforce> persist file "etc/bruteforce"
This is gonna create a table (<bruteforce>) and create the logs in the file /etc/bruteforce as I can understand.

After that, we're creating the rule
Code:
block quick from <bruteforce>
This is checking if the ip is logged in the <bruteforce> table and denies the chance to try to login, correct?

What I don't understand, is the following:
Code:
pass inet proto tcp to $localnet port $tcp_services \
            keep state (max-src-conn 100, max-src-conn-rate 15/5, \
                      overload <bruteforce> flush global)
- why use 'inet' parameter and not 'in'?

- in the case I want to transfer files from outside the local network (for example I'll say 150 small text files.not a chance, but for the sake of the question), I must configure the max-conn-rate, or every file counts as a new connection (and therefore I have to modify the max-src-conn?)
Reply With Quote
 

Tags
bruteforce, pf, pf.conf

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ssh brute force attacks sniper007 FreeBSD Security 21 12th June 2011 01:28 AM
attacks DDoS Sam OpenBSD Security 6 18th December 2009 12:07 AM
some login.conf questions gosha OpenBSD General 2 5th July 2009 12:43 PM
pf.conf brute force rule ijk FreeBSD Security 6 11th August 2008 04:54 PM
rc.conf questions starbuck FreeBSD General 2 29th July 2008 06:16 PM


All times are GMT. The time now is 02:32 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick