something like bruteblock for pf?
Peter N. M. Hansteen
peter at bsdly.net
Tue Aug 25 15:14:01 UTC 2009
Igor Mozolevsky <mozolevsky at gmail.com> writes:
>> I've used bruteblock, which manages ipfw, for blocking SMTP attackers and reducing smtp connects by 10s of 1000s per day.
>
> [snip]
>
>> Anybody know of anything similar for pf?
>
> http://www.bgnett.no/~peter/pf/en/spamd.setup.html
OP more likely wants something like state tracking with overload
tables, ie http://home.nuug.no/~peter/pf/en/bruteforce.html or similar
(yes, please update your bookmarks to point to the nuug site, the
bgnett one is getting stale).
It's worth noting that the overload tables method is not limited to
specific services as long as you can dream up sensible criteria and
some useful action to take on the hosts that end up in the overload
list.
--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
More information about the freebsd-pf
mailing list