On Friday 29 December 2006 12:05, Abdullah Al-Marrie wrote:
> On 11/23/06, Max Laier <[EMAIL PROTECTED]> wrote:
> > > On 11/23/06, Jon Simola <[EMAIL PROTECTED]> wrote:
> > > > > Greetings BPF gurus!
> > > >
> > > > PF? bpf is different and has little to do with firewalling.
> > > >
> > > > > Could someone please give me full example to setup
> > > > > limit {src-addr | src-port | dst-addr | dst-port} to do what
> > > > > IPFW 01000 allow tcp from any to me setup limit src-addr 5
> > > > > currently does
> > > >
> > > > I use something like this:
> > > >
> > > > pass in on $ext_if proto tcp from any to $ext_if port smtp flags
> > > > S/SA keep state (source-track rule, max-src-states 5)
> > > >
> > > > --
> > >
> > > Greetings Jon,
> > >
> > > Could you please post your pf.conf with the rules so I can use it
> > > as a guide?
> >
> > If you are looking for a guide - I suggest reading the pf-faq on the
> > OpenBSD site or Peter's great tutorial, available from:
> > http://home.nuug.no/~peter/pf/  The topic in question, is discussed
> > here: http://home.nuug.no/~peter/pf/en/bruteforce.html
> >
> > --
> > /"\  Best regards,                      | [EMAIL PROTECTED]
> > \ /  Max Laier                          | ICQ #67774661
> >  X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
> > / \  ASCII Ribbon Campaign              | Against HTML Mail and News
>
> Thank you Max, and Jon for your kind prompts to help me to sort this
> problem.
>
> PF is very powerful, again thanks for porting it to FreeBSD. :)
>
> I checked http://home.nuug.no/~peter/pf/en/bruteforce.html
>
> I still didn't find something in the faq covers table <bruteforce>
> persist , do I need to create a file like /etc/bruteforce or no need
> for that and will be stored in kernel until they expire or I reboot the
> box?

You can *load* a table from a file; pf.conf(5) has the syntax to do so.  
Afterwards the table exists in kernel memory and all updates only happen 
there (and are not written back to the file).  There are tools that help 
with that, however.

> Here is my pf.conf
...
> # Tables: similar to macros, but more flexible for many addresses.
> table <foo> persist
...
> # End
>
> Am I missing something?

You probably want a "block ... from <foo>" rule somewhere in order for the 
thing to take effect.

> as su I type pfctl -t foo -Tl -f /etc/pf.conf but it returns nothing.
>
> I want to see the current IPs being blocked since I used overload <foo>

Read the pfctl(8) manpage.  You are reloading the table from the pf.conf 
file - which causes it to be empty.  In order to show the contents, you 
need something like:

pfctl -t foo -Tshow  # a couple of "-v" gives nice statistics as well

-- 
/"\  Best regards,                      | [EMAIL PROTECTED]
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | [EMAIL PROTECTED]
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
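The pieces discussed in this thread (a persistent table, an overload rule that feeds it, a block rule that actually uses it, and the pfctl commands to inspect it) pulled together into one pf.conf fragment. This is an added example, not a configuration posted in the thread; it assumes an $ext_if macro, a table named <bruteforce>, and the addresses in the comments are taken from the 192.0.2.0/24 documentation range.

```pf
# --- added example, not from the thread ---
ext_if = "em0"                      # assumed interface name

# "persist" keeps the table in kernel memory even when no rule refers
# to it (e.g. while rules are being reloaded).  The optional "file"
# keyword seeds it from disk at load time; after that, all additions
# (from overload or pfctl -T add) live only in the kernel and are NOT
# written back to the file.
table <bruteforce> persist file "/etc/pf.bruteforce"   # file is assumed

# The block rule is what makes the table do anything.  "quick" matters:
# without it, pf's last-matching-rule semantics would let the "pass"
# below override this block for addresses already in the table.
block in quick on $ext_if from <bruteforce>

# Stateful pass rule with per-source limits.  A source that opens more
# than 100 states, or more than 15 new connections in 5 seconds, is
# added to <bruteforce>; "flush global" tears down every state that
# source holds, not just the ones created by this rule.
pass in on $ext_if proto tcp from any to $ext_if port { ssh, smtp } \
    flags S/SA keep state \
    (max-src-conn 100, max-src-conn-rate 15/5, \
     overload <bruteforce> flush global)

# --- inspection and maintenance from a root shell (pfctl(8)) ---
#
#   pfctl -t bruteforce -T show          # list current entries
#   pfctl -t bruteforce -T show -v       # ... with packet/byte counters
#   pfctl -t bruteforce -T add 192.0.2.1 # add an address by hand
#   pfctl -t bruteforce -T delete 192.0.2.1
#   pfctl -t bruteforce -T expire 86400  # drop entries idle > 1 day
#                                        #   (check pfctl(8) for your
#                                        #    version supports "expire")
#   pfctl -t bruteforce -T flush         # empty the table
#
# Note that "pfctl -t bruteforce -T load -f /etc/pf.conf" reloads the
# table *definition* from pf.conf, which replaces the live contents with
# whatever the definition (and its "file", if any) contains; it does not
# display the table.  To see what overload has collected, use "-T show".
```

The ordering check worth doing after any edit: run `pfctl -nf /etc/pf.conf` to parse the file without loading it, then `pfctl -sr` to confirm the `block ... quick from <bruteforce>` line appears before the `pass` rule that feeds the table.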
