On Fri, Jun 15, 2012 at 04:17:06PM -0000, Shiv. Nath wrote:
> Hi FreeBSD Gurus,
>
> I want to use PF to prevent SMTP brute-force attacks. I need some help
> to understand the correct syntax.
>
> URL explaining this: http://www.openbsd.org/faq/pf/filter.html#stateopts
>
> I expect the following behavior from the PF rule below:
>
> Limit the absolute maximum number of states that this rule can create to 200
>
> Enable source tracking; limit state creation based on states created by
> this rule only
>
> Limit the maximum number of nodes that can simultaneously create state to 100
>
> Limit the maximum number of simultaneous states per source IP to 3
>
> Solution:
> int0="em0"
> trusted_tcp_ports="{22,25,443,465}"
>
> pass in on $int0 proto tcp from any to any port $trusted_tcp_ports keep state (max 200, source-track rule, max-src-nodes 100, max-src-states 3)

I don't know if max will work here, but this is what I use for an sshd rule.

pass in log quick proto tcp from any port >1023 to any port 22 flags S/SA keep state (max-src-conn 5, max-src-conn-rate 5/15 overload <sshmart> flush global)

You should be using the syntax from pf41 through pf45. The URL you referenced has a syntax that changed in pf46, pf47 onward...

-- 
- (2^(N-1))
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
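A complete pf.conf fragment for the SMTP case, added here as an example and not part of either poster's message. It combines the state options the question asks about with the overload-table approach from the reply. The interface name `em0`, the port list, the table name `<bruteforce>` and the numeric limits are assumptions to adapt. Two points worth knowing before copying the original `(max 200, ...)` rule: `max` is a hard ceiling on states for that rule, so once an attacker fills it, legitimate mail is refused as well, and `max-src-states` only bounds concurrent states per source, so a client that opens, fails and closes one connection at a time is never limited. `max-src-conn-rate` counts new connections over a time window and is what actually stops a brute-force loop; `overload` then blocks only the offender.

```pf
# Added example (not from the original thread): throttle SMTP/SSH brute
# forcing with an overload table instead of a hard "max" state ceiling.
# ext_if, the port list and the table name are assumptions for this example.

ext_if="em0"
brute_ports="{ 22, 25, 465 }"

# Sources that exceed the limits below are inserted into this table.
# "persist" keeps the table even while no loaded rule references it.
table <bruteforce> persist

# Drop offenders before the pass rule is evaluated ("quick" stops rule
# processing here). Log it so the blocks are visible in pflog.
block in log quick on $ext_if from <bruteforce>

# Allow new TCP connections (SYN only, flags S/SA) to the listed ports, but:
#   max-src-conn 10        -> at most 10 concurrent connections per source IP
#   max-src-conn-rate 5/30 -> at most 5 new connections per source in 30 s
#   overload <bruteforce>  -> a source exceeding either limit is added to the table
#   flush global           -> and every existing state from that source, created
#                             by any rule, is killed immediately
pass in on $ext_if proto tcp from any to ($ext_if) port $brute_ports \
    flags S/SA keep state \
    (max-src-conn 10, max-src-conn-rate 5/30, overload <bruteforce> flush global)
```

Load it with `pfctl -f /etc/pf.conf` and check who has been caught with `pfctl -t bruteforce -T show`. Entries added by `overload` never expire on their own; a cron job running `pfctl -t bruteforce -T expire 86400` removes addresses older than a day, and `pfctl -t bruteforce -T delete 192.0.2.10` (example address) releases a single host. For port 25 specifically, large mail providers legitimately open several parallel connections to one MX, so either keep the rate generous or put known relays in a separate table with an earlier `pass in quick` rule so they are never counted against the limit.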