Below is a packet filter snippet from my config file:
    block drop log quick from <brute> ...
    pass in quick on $ext_if proto tcp from any to <webs> port 80 flags S/SA keep state (max-src-conn 80, max-src-conn-rate 200/2, overload <brute> flush global)
    pass out quick on $int_if proto tcp from any to <webs> port 80 flags S/SA keep state
    pass out quick on $ext_if proto tcp from <webs> port 80 to any flags SA/SA keep state
    pass in quick on $int_if proto tcp from <webs> port 80 to any flags SA/SA keep state

Question 1: Should the brute-force rules be on each line, or just that first one?

Question 2: If they should be on each line, should I multiply the values (80, 200/2) by 4?

Question 3: Are the rates I'm using reasonable? Blocking should be on the loose side.

I'm open to any thoughts, opinions or screams on best practices.
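For reference, here is an added, self-contained pf.conf fragment showing where the overload options attach and what each one does. This is not the poster's config: the interface names, the <webs> addresses and the table definitions are assumptions made for illustration.

```pf
# Added example, not the poster's configuration. Interface names and the
# addresses in <webs> are assumptions (TEST-NET-1 addresses, constructed).
ext_if = "em0"
int_if = "em1"

# The table an overload clause writes into must be declared. persist keeps
# it around even when it is empty or momentarily unreferenced.
table <brute> persist
table <webs> { 192.0.2.10, 192.0.2.11 }

# Offenders are blocked before any pass rule; quick stops evaluation here.
block drop log quick from <brute>

# Source tracking and the limits belong to the rule that creates the state
# for a new inbound SYN. max-src-conn caps simultaneous established TCP
# connections per source address; max-src-conn-rate caps new connections per
# source in a sliding window (here: more than 200 within 2 seconds trips it).
# A source exceeding either limit is added to <brute>; "flush global" then
# kills every existing state from that source, not only states created by
# this rule ("flush" alone would only kill this rule's states).
pass in quick on $ext_if proto tcp from any to <webs> port 80 \
    flags S/SA keep state \
    (max-src-conn 80, max-src-conn-rate 200/2, overload <brute> flush global)

# With the default floating state policy, a packet that already matched the
# state created above is handled by that state and never reaches these rules,
# so they carry no limits of their own in this example.
pass out quick on $int_if proto tcp from any to <webs> port 80 flags S/SA keep state
pass out quick on $ext_if proto tcp from <webs> port 80 to any flags S/SA keep state
pass in quick on $int_if proto tcp from <webs> port 80 to any flags S/SA keep state
```

Addresses added to <brute> by the overload clause are not removed automatically; a periodic `pfctl -t brute -T expire 86400` (drop entries older than one day) is the usual way to let blocked sources back in, and `pfctl -t brute -T show` lists what has been caught so far.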