The problem is that these attacks aren't on any pass rule; they are on ports that my firewall doesn't permit, so the packet will go to the block rule, and I can't use these overload rules with block, can I?

Lars Noodén wrote:
Vinicius Vianna wrote:

I got a firewall with OpenBSD 4.1 and pf and it's receiving a lot of SYN flood attacks and even UDP floods,...
    pass in on $ext_if proto tcp to ($ext_if) port ssh \
        flags S/SA keep state \
        (max-src-conn 3, max-src-conn-rate 3/60, overload \
        <ssh-bruteforce> flush global) \
        label BLOCKBRUTES

Regards,
-Lars
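
The quoted rule placed in a minimal ruleset, as an added example that is not part of the original thread. The interface name `em0` and the two block rules are assumptions; the table name, limits and label are the ones quoted above.

```pf
# Assumed value, not from the thread: the external interface name.
ext_if = "em0"

# Table that the overload action of the pass rule below fills.
table <ssh-bruteforce> persist

# Default deny. A block rule creates no state entry, so the
# source-tracking options (max-src-conn, max-src-conn-rate, overload)
# have nothing to attach to here; they are state options.
block in on $ext_if all

# Drop anything from addresses already in the table. "quick" stops
# rule evaluation, so these sources never reach the pass rule again.
block in quick on $ext_if from <ssh-bruteforce>

# The rule quoted above: limits are counted per source address on the
# states this rule creates; a source exceeding them is added to the
# table and "flush global" removes its existing states.
pass in on $ext_if proto tcp to ($ext_if) port ssh \
    flags S/SA keep state \
    (max-src-conn 3, max-src-conn-rate 3/60, \
     overload <ssh-bruteforce> flush global) \
    label BLOCKBRUTES
```

The current contents of the table can be listed with `pfctl -t ssh-bruteforce -T show`.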
