>> Ooops.  Yes, -t bruteforce is correct.  "expire 604800" means delete
>> entries after they've been in the table for that number of seconds (ie
>> after one week)
>>
>>      Cheers,
>>
>>      Matthew
>>
>> --
>> Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
>>                                                   Flat 3
>> PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
>> JID: matt...@infracaninophile.co.uk               Kent, CT11 9PW

Dear Metthew,

first thanks for assisting to secure 22/25 ports from brute force attack.
i wish to consult if the following white list looks fine to exclude
trusted networks (own network)



int0="em0"
secured_attack_ports="{21,22,25}"

table <bruteforce> persist
block in log quick from <bruteforce>
pass in on $int0 proto tcp \
from any to $int0 port $secured_attack_ports  \
flags S/SA keep state \
(max-src-conn-rate 5/300, overload <bruteforce> flush global)


## Exclude Own Netowrk From Brute-Force Rule ##

table <own_network> persist {71.221.25.0/24, 71.139.22.0/24}
pass in on $int0 proto tcp from <own_network> to any

OR

pass in on $int0 proto tcp from <own_network> to secured_attack_ports

Thanks / Regards



_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Reply via email to