>> Ooops. Yes, -t bruteforce is correct. "expire 604800" means delete
>> entries after they've been in the table for that number of seconds (ie
>> after one week)
>>
>> Cheers,
>>
>> Matthew
>>
>> --
>> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>>                                                   Flat 3
>> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
>> JID: matt...@infracaninophile.co.uk               Kent, CT11 9PW
Dear Matthew,

First, thanks for helping to secure ports 22/25 against brute-force attacks. I wish to consult whether the following whitelist looks fine for excluding trusted networks (own network):

int0="em0"
secured_attack_ports="{21,22,25}"

table <bruteforce> persist
block in log quick from <bruteforce>

pass in on $int0 proto tcp \
    from any to $int0 port $secured_attack_ports \
    flags S/SA keep state \
    (max-src-conn-rate 5/300, overload <bruteforce> flush global)

## Exclude Own Network From Brute-Force Rule ##
table <own_network> persist {71.221.25.0/24, 71.139.22.0/24}
pass in on $int0 proto tcp from <own_network> to any

OR

pass in on $int0 proto tcp from <own_network> to $int0 port $secured_attack_ports

Thanks / Regards
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
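As an added illustration (it is neither pf's code nor part of the original post), here is a small Python model of how pf would evaluate the ruleset quoted above. The block rule is quick, so it wins as soon as a source is already in <bruteforce>; the two pass rules are not quick, so the last one that matches decides, which is why the <own_network> pass rule must come after the rate-limited rule to exempt those sources from the overload option. The model also covers max-src-conn-rate 5/300 (simplified to a sliding 300-second window; real pf keeps a per-source counter, and the connection that trips the limit is modelled as dropped rather than passed) and the weekly table expiry from Matthew's reply. The source addresses 198.51.100.7 and 203.0.113.9 and the timestamps are constructed sample data.

```python
import ipaddress
from collections import defaultdict, deque

# Values taken from the ruleset posted in this thread.
SECURED_PORTS = {21, 22, 25}
OWN_NETWORK = [ipaddress.ip_network(n) for n in ("71.221.25.0/24", "71.139.22.0/24")]
MAX_CONNS, WINDOW = 5, 300          # max-src-conn-rate 5/300
EXPIRE_AFTER = 604800               # pfctl -t bruteforce -T expire 604800 (one week)


class PfModel:
    """Simplified model of pf rule evaluation (not pf itself).

    Rules are walked in order; the last matching rule wins unless a
    matching rule carries 'quick', which ends evaluation immediately.
    """

    def __init__(self, whitelist_first=False):
        self.bruteforce = {}               # table <bruteforce>: ip -> time added
        self.conns = defaultdict(deque)    # per-source new-connection timestamps
        # Each rule: (name, quick, match(ip, port), carries the overload option)
        block_rule = ("block-bruteforce", True,
                      lambda ip, port: str(ip) in self.bruteforce, False)
        rate_rule = ("pass-ratelimited", False,
                     lambda ip, port: port in SECURED_PORTS, True)
        own_rule = ("pass-own-network", False,
                    lambda ip, port: any(ip in net for net in OWN_NETWORK), False)
        # whitelist_first=True reproduces the mistake of placing the
        # <own_network> pass rule before the rate-limited rule.
        tail = [own_rule, rate_rule] if whitelist_first else [rate_rule, own_rule]
        self.rules = [block_rule] + tail

    def new_connection(self, src, dport, t):
        """Return the verdict for a new TCP connection (SYN) from src at time t."""
        ip = ipaddress.ip_address(src)
        winner = None
        for name, quick, match, overload in self.rules:
            if match(ip, dport):
                winner = (name, overload)
                if quick:
                    break                  # 'quick': stop at this rule
        if winner is None:
            return "default-pass"          # the posted fragment has no block-all rule
        name, overload = winner
        if name.startswith("block"):
            return name
        if overload:
            # max-src-conn-rate: more than MAX_CONNS new connections from one
            # source within WINDOW seconds trips the overload (sliding window here).
            stamps = self.conns[src]
            stamps.append(t)
            while stamps and t - stamps[0] > WINDOW:
                stamps.popleft()
            if len(stamps) > MAX_CONNS:
                self.bruteforce[src] = t
                self.conns.pop(src, None)  # 'flush global': existing states from src are killed
                return "drop-srclimit"     # the triggering connection is not passed (model assumption)
        return name

    def expire(self, now):
        """Model of 'pfctl -t bruteforce -T expire 604800': remove entries that
        have been in the table for at least EXPIRE_AFTER seconds. Returns the
        number of entries removed."""
        stale = [ip for ip, added in self.bruteforce.items() if now - added >= EXPIRE_AFTER]
        for ip in stale:
            del self.bruteforce[ip]
        return len(stale)


if __name__ == "__main__":
    pf = PfModel()
    attacker, trusted = "198.51.100.7", "71.221.25.10"   # constructed sample sources
    for t in range(7):
        print(attacker, "port 22 at t=%d:" % t, pf.new_connection(attacker, 22, t))
    for t in range(7):
        print(trusted, "port 22 at t=%d:" % t, pf.new_connection(trusted, 22, t))
    print("table <bruteforce>:", sorted(pf.bruteforce))
    print("entries expired after a week:", pf.expire(7 + EXPIRE_AFTER))
```

Running the block shows the constructed attacker passing five times, being dropped on the sixth connection and blocked from then on, while the own-network host is passed every time because the later, non-overload rule is the last match; constructing the model with whitelist_first=True shows the own-network host being overloaded exactly like the attacker.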