PF to Preventing SMTP Brute Force Attacks
Shiv. Nath
prabhpal at digital-infotech.net
Sat Jun 16 16:23:38 UTC 2012
> On Jun 15, 2012, at 12:55 PM, Shiv. Nath wrote:
>
>> # START
>> table bruteforce persist
>> block in log quick from bruteforce
>>
>> pass in on $ext_if proto tcp \
>> from any to $ext_if port $trusted_tcp_ports \
>> flags S/SA keep state \
>> (max-src-conn-rate 3/300, overload bruteforce flush global)
>>
>> # END
>>
>> AND CRON:
>> */12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 604800 >/dev/null 2>&1
>>
>> What is the function of "expire 604800"? Are they entries in the table?
>> Should it be -t bruteforce or -t ssh-bruteforce?
>
>
> It refers to entries in the table specified by the "-t" option and
> instructs pf to expire (remove from the table) all entries older than the
> specified time (in seconds). Basically, the value 604800 will expire
> entries older than 1 week.
>
> For the above pf rules, the cron entry should be "-t bruteforce" (although
> in the pf rules you should be using "<bruteforce>").
>
> Cheers,
>
> Paul.
>
Dear Metthew & Paul,
Thank you very much for your time, efforts and energy to help me
configure PF. Metthew also advised to create white, so that I do not
lock myself. I have yet to look at it.
I will get in touch if I require more help. Thanks
Regards
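
The table-name mismatch discussed in this thread is easy to miss because the cron entry sends pfctl's output to /dev/null, so an error from a wrong table name would not be seen. The following check is an added example, not part of the original messages: the function names, the temporary file paths and the sample pf.conf (written with the `<bruteforce>` form recommended in the reply) are constructed for illustration, and the cron line is the one quoted above.

```sh
#!/bin/sh
# Added example: find tables that cron tries to expire but pf.conf never declares.

# Print table names declared in a pf.conf file as "table <name> ...".
declared_tables() {
    sed -n 's/^[[:space:]]*table[[:space:]]*<\([^>]*\)>.*/\1/p' "$1" | sort -u
}

# Print table names passed to "pfctl -t NAME -T expire" on non-comment crontab lines.
expired_tables() {
    grep -v '^[[:space:]]*#' "$1" |
        sed -n 's/.*pfctl.*[[:space:]]-t[[:space:]]*\([^[:space:]]*\)[[:space:]].*-T[[:space:]]*expire.*/\1/p' |
        sort -u
}

# Usage: missing_tables PF_CONF CRONTAB
# Prints one line per table that is expired by cron but not declared in pf.conf.
missing_tables() {
    expired_tables "$2" | while read -r name; do
        declared_tables "$1" | grep -qxF -- "$name" || echo "$name"
    done
}

# Constructed sample input: corrected rules plus the cron line quoted in the thread.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

cat > "$demo_dir/pf.conf" <<'EOF'
table <bruteforce> persist
block in log quick from <bruteforce>
pass in on $ext_if proto tcp \
    from any to $ext_if port $trusted_tcp_ports \
    flags S/SA keep state \
    (max-src-conn-rate 3/300, overload <bruteforce> flush global)
EOF

cat > "$demo_dir/crontab" <<'EOF'
# expire blocked addresses after one week
*/12 * * * * /sbin/pfctl -t ssh-bruteforce -T expire 604800 >/dev/null 2>&1
EOF

# Reports "ssh-bruteforce": the cron job names a table the ruleset does not have.
missing_tables "$demo_dir/pf.conf" "$demo_dir/crontab"
```

An empty result means every table that cron expires is declared in the ruleset.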