Vinicius Vianna wrote:
> I got a firewall with OpenBSD 4.1 and pf and it's receiving a lot of SYN
> flood attacks and even UDP floods,...

I am new at that and have been using pp 68 - 71 of the Book of PF, which
cover this, as does "Firewalling with OpenBSD's PF packet filter", both by
Peter Hansteen.
http://home.nuug.no/~peter/pf/en/bruteforce.html
I use overloads for the massive number of SSH probes and have chosen
rather restrictive rules:

    block in log quick on $ext_if from <ssh-bruteforce> \
        label BLOCKBRUTES

    pass in on $ext_if proto tcp to ($ext_if) port ssh \
        flags S/SA keep state \
        (max-src-conn 3, max-src-conn-rate 3/60, overload \
        <ssh-bruteforce> flush global) \
        label BLOCKBRUTES

YMMV
Regards,
-Lars
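
An added example, not part of the original message and not pf's own code: a small Python model of how the two limits in the rule above (max-src-conn 3 and max-src-conn-rate 3/60) put a source into the overload table. The event format, the addresses and the linear decay of the rate counter are assumptions of this sketch.

```python
# Added sketch, not pf source. Assumptions: every "open" is a TCP connection that
# completed the 3-way handshake (what pf.conf(5) says these limits count), and the
# rate is a linearly decaying count standing in for pf's moving-average approximation.
MAX_SRC_CONN = 3               # max-src-conn 3
RATE_LIMIT, RATE_SECS = 3, 60  # max-src-conn-rate 3/60

def replay(events):
    """events: (time_s, src_ip, "open"|"close"). Returns (overload_table, log)."""
    state, table, log = {}, set(), []
    for t, ip, kind in sorted(events):
        if ip in table:                      # matched by the "block in log quick" rule
            if kind == "open":
                log.append((t, ip, "blocked"))
            continue
        s = state.setdefault(ip, {"conns": 0, "rate": 0.0, "last": t})
        if kind == "close":
            s["conns"] = max(0, s["conns"] - 1)
            continue
        age = t - s["last"]                  # decay the rate counter, then count this one
        s["rate"] = 0.0 if age >= RATE_SECS else s["rate"] * (1 - age / RATE_SECS)
        s["rate"] += 1
        s["last"] = t
        s["conns"] += 1
        if s["conns"] > MAX_SRC_CONN or s["rate"] > RATE_LIMIT:
            table.add(ip)                    # overload <ssh-bruteforce>
            s["conns"] = 0                   # flush global: drop the source's states
            log.append((t, ip, "overload"))
        else:
            log.append((t, ip, "pass"))
    return table, log

# Constructed sample traffic (documentation address ranges).
PROBER, ADMIN, HOARDER = "198.51.100.7", "192.0.2.10", "203.0.113.5"
SAMPLE = (
    [(t, PROBER, "open") for t in (0, 2, 4, 6, 8)]        # one login attempt every 2 s
    + [(t, PROBER, "close") for t in (1, 3, 5, 7)]
    + [(t, ADMIN, "open") for t in (0, 90, 180)]          # occasional logins
    + [(t, ADMIN, "close") for t in (30, 120)]
    + [(t, HOARDER, "open") for t in (0, 100, 200, 300)]  # slow, but never closes
)

if __name__ == "__main__":
    table, log = replay(SAMPLE)
    print("table <ssh-bruteforce>:", sorted(table))
    for entry in log:
        print(*entry)
```

Because the limits count only completed handshakes, this model says nothing about SYN packets that never finish the handshake.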