PF Rules for DoS
Below is a packet filter snippet from my config file:
Code:
block drop log quick from <brute>
...
pass in quick on $ext_if proto tcp from any to <webs> port 80 flags S/SA keep state (max-src-conn 80, max-src-conn-rate 200/2, overload <brute> flush global)
pass out quick on $int_if proto tcp from any to <webs> port 80 flags S/SA keep state
pass out quick on $ext_if proto tcp from <webs> port 80 to any flags SA/SA keep state
pass in quick on $int_if proto tcp from <webs> port 80 to any flags SA/SA keep state

Question 1: Should the bruteforce rules be on each line, or just that first one?
Question 2: If they should be on each line, should I multiply the values (80, 200/2) by 4?
Question 3: Are the rates I'm using reasonable? Blocking should be on the loose side.
I'm open to any thoughts, opinions or screams on best practices.
Thank you for the reply, I'm slightly new to this.
The router/gateway you see is redirecting our web traffic, but not used as a proxy. The third and fourth rules would be needed if the webserver does a CURL/wget, however, correct? I also have max-src-conn-rate on FTP; what would be a proper limit, do you think? I have 32/4 for mine.
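An added example (not the poster's config) showing how the per-source limits, the overload table and the checks that go with them fit together in one pf.conf fragment; the interface names and the address in <webs> are placeholders.

```pf
# Added example, not the poster's config. Interface names and the address
# in <webs> are placeholders (192.0.2.10 is from the documentation range).
ext_if = "em0"
int_if = "em1"
table <webs> { 192.0.2.10 }
table <brute> persist          # survives reloads; filled by the overload option

# Sources already in <brute> are dropped before any pass rule is evaluated.
block drop log quick from <brute>

# The client's SYN arrives on $ext_if and this rule creates the state for it,
# so the per-source limits are evaluated here. The counters are kept per rule,
# so repeating the options on the other rules does not add them together.
#   max-src-conn 80        : at most 80 simultaneous connections per source
#   max-src-conn-rate 200/2: at most 200 new connections per 2 seconds per source
#   overload <brute>       : a source that exceeds either limit goes into <brute>
#   flush global           : and every existing state from that source is killed
pass in quick on $ext_if proto tcp from any to <webs> port 80 \
    flags S/SA keep state \
    (max-src-conn 80, max-src-conn-rate 200/2, overload <brute> flush global)

# Forwarding the same connection out the inside interface and the server's
# replies need no per-source limits of their own.
pass out quick on $int_if proto tcp from any to <webs> port 80 flags S/SA keep state
pass out quick on $ext_if proto tcp from <webs> port 80 to any flags SA/SA keep state
pass in quick on $int_if proto tcp from <webs> port 80 to any flags SA/SA keep state

# Checks, run as root:
#   pfctl -nf /etc/pf.conf          parse the file without loading it
#   pfctl -t brute -T show          list the sources that have been overloaded
#   pfctl -t brute -T expire 3600   drop entries older than an hour (e.g. from cron)
#   pfctl -t brute -T delete 203.0.113.5   release one source by hand
```

Because entries added by overload never expire on their own, the `expire` command (or a cron job running it) is what keeps a loose policy loose.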