USE PF to Prevent SMTP Brute Force Attacks - Resolved !!!
Shiv. Nath
prabhpal at digital-infotech.net
Sat Jun 16 20:03:35 UTC 2012
>> Ooops. Yes, -t bruteforce is correct. "expire 604800" means delete
>> entries after they've been in the table for that number of seconds (ie
>> after one week)
>>
>> Cheers,
>>
>> Matthew
>>
>> --
>> Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
>> Flat 3
>> PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
>> JID: matthew at infracaninophile.co.uk Kent, CT11 9PW
Dear Matthew,
First, thanks for assisting to secure ports 22/25 from brute force attacks.
I wish to consult if the following whitelist looks fine to exclude
trusted networks (own network):

int0="em0"
secured_attack_ports="{21,22,25}"

table <bruteforce> persist
block in log quick from <bruteforce>
pass in on $int0 proto tcp \
    from any to $int0 port $secured_attack_ports \
    flags S/SA keep state \
    (max-src-conn-rate 5/300, overload <bruteforce> flush global)

## Exclude Own Network From Brute-Force Rule ##
table <own_network> persist {71.221.25.0/24, 71.139.22.0/24}
pass in on $int0 proto tcp from <own_network> to any

OR

pass in on $int0 proto tcp from <own_network> to any port $secured_attack_ports

Thanks / Regards
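
An added example, not part of the original message or of the replies: one way to order the whitelist so that trusted networks are exempt from both the rate limit and the <bruteforce> block. It reuses the macros, tables and addresses from the message; putting the whitelist rule first with "quick" and assuming the ruleset lives in /etc/pf.conf are this example's choices.

```pf
# pf.conf fragment (added example; values reused from the message above)
int0 = "em0"
secured_attack_ports = "{ 21, 22, 25 }"

table <own_network> persist { 71.221.25.0/24, 71.139.22.0/24 }
table <bruteforce>  persist

# 1. Trusted networks first, with "quick": evaluation stops at this rule,
#    so these sources never reach the <bruteforce> block below and never
#    create state through the rate-limited rule. The exemption is scoped
#    to the protected ports rather than "to any".
pass in quick on $int0 proto tcp \
    from <own_network> to any port $secured_attack_ports \
    flags S/SA keep state

# 2. Every source already in the table is dropped and logged.
block in log quick from <bruteforce>

# 3. Everyone else: exceeding 5 new connections in 300 seconds puts the
#    source address into <bruteforce> and flushes its existing states.
pass in on $int0 proto tcp \
    from any to $int0 port $secured_attack_ports \
    flags S/SA keep state \
    (max-src-conn-rate 5/300, overload <bruteforce> flush global)

# Checks from a root shell:
#   pfctl -nf /etc/pf.conf                 parse only, do not load
#   pfctl -f /etc/pf.conf                  load the ruleset
#   pfctl -t bruteforce -T show            list the blocked addresses
#   pfctl -t bruteforce -T expire 604800   drop entries older than one week
```

Without "quick" on the whitelist rule, pf's last-match evaluation still exempts trusted sources from the rate limit when the rule comes last, but a trusted address that is already in <bruteforce> would be stopped by the earlier "block ... quick" rule.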