J Moore wrote:
On Fri, Nov 11, 2005 at 11:29:52PM +0100, the unit calling itself Fabien
Germain wrote:
On 11/11/05, J.D. Bronson <[EMAIL PROTECTED]> wrote:
then add a rule like this....
pass in quick on $ext_if proto tcp from any to ($ext_if) port 22 keep state (max-src-conn-rate 3/10, overload <attackers> flush)
Excellent, I suppose this works for any kind of traffic, just change the port.
Is there a way to configure a timeout with the overload <attackers>
part? I mean, I'm thinking of activating this for my email servers; if some
zombie machine tries to flood my email server it will
be added to the attackers table. It would be nice if that were only for some
configurable time, after which the IP is dropped from the table. I've
seen this with Yahoo: sometimes a customer is infected with the brand
new Microsoft virus of the week, he sends thousands of emails to one of
my SMTP relays and Yahoo blacklists the relay's IP, dropping every mail
with a message like "sorry, too many connections from 200.156.25.32";
after some time I'm able to send email to Yahoo again.
Thanks
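
Added example, not part of the original thread: a pf.conf fragment that applies the quoted rule to SMTP and gives the overload table something to act on, with timed removal handled outside pf. The interface name, the 3600-second lifetime and the cron schedule are assumptions, and the expiry step assumes a pfctl that supports the `-T expire` table command.

```pf
# Constructed example for illustration; values are placeholders to tune.
ext_if = "em0"                      # assumption: external interface name

# The overload target must exist as a table. "persist" keeps it around
# even when it is empty and no rule has populated it yet.
table <attackers> persist

# Without a rule that matches the table, "overload" only records the
# address; this rule is what actually drops the offender's traffic.
# It must come before the pass rule because both use "quick".
block in quick on $ext_if from <attackers>

# Same tracking options as the SSH rule in the thread, on the SMTP port.
# 3 connections per 10 seconds is the thread's value; a busy mail server
# will need a higher limit so legitimate relays are not caught.
pass in quick on $ext_if proto tcp from any to ($ext_if) port 25 \
    keep state (max-src-conn-rate 3/10, overload <attackers> flush)

# pf itself does not age entries out of the table. One way to get the
# "configurable time" behaviour is a periodic job in root's crontab
# (crontab syntax, not pf.conf), removing entries older than 3600 s:
#
#   */5 * * * * /sbin/pfctl -t attackers -T expire 3600
#
# To inspect who is currently blocked:
#
#   pfctl -t attackers -T show
```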