Re: How to apply brute force rate limitings with rdr and pass rules under FreeBSD 13?
- Reply: Marek Zarychta : "Re: How to apply brute force rate limitings with rdr and pass rules under FreeBSD 13?"
- Reply: kaycee gb : "Re: How to apply brute force rate limitings with rdr and pass rules under FreeBSD 13?"
- In reply to: Marek Zarychta : "Re: How to apply brute force rate limitings with rdr and pass rules under FreeBSD 13?"
Date: Thu, 25 Aug 2022 09:32:57 UTC
On 25/08/2022 11:26, Marek Zarychta wrote:
> On 25.08.2022 at 10:48, Carlos López Martínez wrote:
>> But under FreeBSD when I try to combine "pass" with "rdr" rules, it
>> doesn't work. For example:
>>
>> rdr on egress inet proto tcp from !<internal_networks> to egress port
>> $tcp_services -> $internal_server
>>
>> pass in on egress inet proto tcp from !<internal_networks> to
>> (egress:0) port $tcp_services flags S/SA keep state (max-src-conn 100,
>> max-src-conn-rate 15/5, overload <bruteforce> flush global)
>
> rdr comes first, so probably the second rule should be:
> pass in on egress inet proto tcp from !<internal_networks> to
> {(egress:0), $internal_server} port ...
> or maybe only:
> pass in on egress inet proto tcp from !<internal_networks> to
> $internal_server port ...
> depending on the desired behavior and the complete set of rules.
>
> It's also worth mentioning here that a PF-specific FreeBSD mailing list
> exists: freebsd-pf@freebsd.org
>
> Regards,

Thanks Marek ... But if rdr comes first, the pass rule will not be applied, right? I mean, how can I apply the rate-limiting options "flags S/SA keep state (max-src-conn 100...." in a rdr rule?

--
Best regards,
C. L. Martinez
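The following pf.conf fragment is an added example, not part of the thread and not code posted by either participant. It shows the rule layout the reply above points at: on FreeBSD 13 (pre-OpenBSD-style "match" NAT) the rdr rule rewrites the destination before the filter rules are evaluated, so the pass rule has to match the translated destination ($internal_server), and that pass rule, not the rdr rule, is where the state options (max-src-conn, max-src-conn-rate, overload ... flush global) go; rdr rules take no state options. The macro values, the contents of <internal_networks> and the interface names are assumptions for illustration, and it assumes the external interface has already been put in the "egress" group (for example `ifconfig vtnet0 group egress`), since FreeBSD does not create that group on its own.

```pf
# Added example (not from the thread). Values below are assumed.
ext_if = "vtnet0"              # assumed: member of the "egress" interface group
int_if = "vtnet1"              # assumed: interface facing $internal_server
internal_server = "10.0.0.10"  # assumed
tcp_services = "{ 22, 443 }"   # assumed

table <internal_networks> { 10.0.0.0/8, 192.168.0.0/16 }   # assumed contents
table <bruteforce> persist     # filled at runtime by the overload option

set skip on lo0

# 1. Translation runs first. Inbound connections to the egress address are
#    rewritten to $internal_server before any block/pass rule sees them.
rdr on egress inet proto tcp from !<internal_networks> to egress port $tcp_services -> $internal_server

# 2. Drop already-flagged sources before the pass rule is reached.
#    "quick" stops evaluation so the pass rule below cannot re-admit them.
block in quick on egress from <bruteforce>

# 3. Filter on the *translated* destination. A pass rule written against
#    (egress:0) would never match here, because the destination is already
#    $internal_server by the time the filter runs. The state options live
#    on this pass rule:
#      max-src-conn 100       at most 100 concurrent completed connections per source
#      max-src-conn-rate 15/5 at most 15 new connections per 5 seconds per source
#      overload <bruteforce>  put the offending source address in the table
#      flush global           kill all of that source's states, not just this rule's
pass in on egress inet proto tcp from !<internal_networks> to $internal_server port $tcp_services \
    flags S/SA keep state (max-src-conn 100, max-src-conn-rate 15/5, overload <bruteforce> flush global)

# 4. With the default "set state-policy floating", the state created by the
#    pass rule above also matches the forwarded packet leaving $int_if, so no
#    separate pass rule is needed on the internal side for that traffic.
```

Syntax-check the file before loading it with `pfctl -nf /etc/pf.conf`, then load it with `pfctl -f /etc/pf.conf`. Offenders can be inspected with `pfctl -t bruteforce -T show` and removed with `pfctl -t bruteforce -T flush`, or aged out periodically with `pfctl -t bruteforce -T expire 86400` from cron, since entries added by overload otherwise stay until the table is flushed. Two caveats a practitioner will want to keep in mind: max-src-conn and max-src-conn-rate only count TCP connections that completed the three-way handshake (which is what makes the source address trustworthy enough to block), so a SYN flood from spoofed addresses will not populate <bruteforce>; and "flush global" tears down every state from the offending host, including any unrelated sessions it had through this firewall, so choose the rate thresholds with legitimate bursty clients in mind.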