Rate-limiting in PF
Dave Horsfall
dave at horsfall.org
Thu Oct 5 00:25:33 UTC 2017
On Thu, 5 Oct 2017, Vincent Hoffman-Kazlauskas wrote:
> What rules do you have that act on that table? ie do you have a block
> rule like
>
> block drop quick from <woodpeckers> to any?
Ah; I forgot to show that bit:
# block in log quick on $ext_if from <woodpeckers>
block in quick on $ext_if from <woodpeckers>
The "drop" is implied, AFAIK.
> is anything added to the table (pfctl -t woodpeckers -T show)
I have lots of them because I've been adding them by hand, but this time
I'll hold back and observe, just to be sure.
> If there is, don't forget to expire them after a while unless you want
> them permanently banned, a cron with something like "pfctl -t
> woodpeckers -T expire 3600" iirc
I never expire spammers; I'd prefer that they expired instead :-) Once a
Pee-Cee has been 0wn3d, it tends to stay that way because the former owner
is too stupid to realise it. After all, there are two sorts of Windoze
boxes: those that are compromised, and those that soon will be...
--
Dave Horsfall DTM (VK2KFU) "Those who don't understand security will suffer."
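
Added example, not part of the original message or of anyone's actual ruleset: a constructed pf.conf fragment showing how the pieces discussed in this thread fit together (a rate-limited pass rule that fills <woodpeckers>, the block rule quoted above, and the optional expiry). The interface name, the SMTP port and the connection limits are assumptions.

```conf
# Constructed example; ext_if value, port and thresholds are assumptions.
ext_if = "em0"

# "persist" keeps the table in place even while it is empty.
table <woodpeckers> persist

# Block rule from the message above. With "quick", evaluation stops here
# for any source already in the table, so it must precede the pass rule.
block in quick on $ext_if from <woodpeckers>

# Rate-limited pass rule (assumed service: SMTP).
#   max-src-conn 10        at most 10 simultaneous connections per source
#   max-src-conn-rate 5/60 at most 5 new connections per 60 seconds
# A source exceeding either limit is added to <woodpeckers>;
# "flush global" also removes the states it already holds.
pass in on $ext_if proto tcp to port smtp flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/60, \
     overload <woodpeckers> flush global)

# Check whether the overload rule is populating the table:
#   pfctl -t woodpeckers -T show
#
# Only if bans should not be permanent, a root crontab entry that drops
# entries older than 3600 seconds:
#   */10 * * * * /sbin/pfctl -t woodpeckers -T expire 3600
```

If the table stays empty under load, the usual causes are that the matching traffic is passed by a different rule without the overload option, or that the limits are never reached.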