Usage of global tables and anchor
Özkan KIRIK
ozkan.kirik at gmail.com
Wed Jan 15 20:02:44 UTC 2020
Hi,
I'm trying to use overload tables using global tables within anchors.
Sample ruleset is shown below:
table <bruteforce> persist
block quick from <bruteforce>
pass in proto tcp to port ssh modulate state \
    (max-src-conn-rate 5/3, overload <bruteforce> flush global)
anchor "ftp" {
    pass in proto tcp to port ftp modulate state \
        (max-src-conn 2, overload <bruteforce> flush global)
    pass in proto tcp to port { 40000:50000 }
    pass out proto tcp to port ftp
}
But I get the error below:
pfctl: warning: namespace collision with <bruteforce> global table.
I saw that pf created a new table instance in anchor "ftp", even though there
is no table declaration in the anchor.
# pfctl -sT
bruteforce
# pfctl -sT -a ftp
bruteforce
How can I use global tables for overload in anchors?
Regards
More information about the freebsd-pf
mailing list