USE PF to Prevent SMTP Brute Force Attacks - Resolved !!!

Shiv. Nath prabhpal at digital-infotech.net
Sun Jun 17 09:18:29 UTC 2012


On 16/06/2012 21:03, Shiv. Nath wrote:

Dear Matthew,

Matthew, one a, one e.

first thanks for assisting to secure 22/25 ports from brute force
attack.
i wish to consult if the following white list looks fine to exclude
trusted networks (own network)


int0="em0"
secured_attack_ports="{21,22,25}"

table <bruteforce> persist
block in log quick from <bruteforce>
pass in on $int0 proto tcp \
from any to $int0 port $secured_attack_ports  \
flags S/SA keep state \
(max-src-conn-rate 5/300, overload <bruteforce> flush global)


## Exclude Own Network From Brute-Force Rule ##

table <own_network> persist {71.221.25.0/24, 71.139.22.0/24}

pass in on $int0 proto tcp from <own_network> to any port
$secured_attack_ports

But, yes, other than that it looks good.  You want to move
the table definitions up to the top of the file and as you've shown, you
want your network specific rule after the more generic rate-limited
accept rule: remember that (except for quick rules) it's the last
matching rule in the ruleset that applies.

Cheers, Matthew


Dear Matthew,

i am sorry for misspelling your named, finally it is done with your
assistance. you have very good knowledge of PF because you are gentleman
indeed. sorry to trouble you too much.

Thanks / Thanks / Thanks / Thanks / Thanks /Thanks / Thanks  / Thanks




More information about the freebsd-stable mailing list