Anathae Townsend wrote:
the following pf.conf fragment allows ssh connections from the outside world
to my firewall
pass in on egress proto tcp from any to egress port ssh keep state \
(max-src-conn 10, max-src-conn-rate 4/20, overload <brutes> flush global)
If I understand tables and pf properly, and I have a default block all in rule,
could I not change it to the following fragment and allow in only those not
already added to the <brutes> table?
pass in on egress proto tcp from ! <brutes> to egress port ssh keep state \
(max-src-conn 10, max-src-conn-rate 4/20, overload <brutes> flush global)
However, the faq-example (is it that where I got it from?) does a block
in quick from <brutes> right at the top of the filter section, which
prevents unnecessary further parsing of rules for this kind of guest.
Depending on your needs, your version might suit as well.
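For comparison, here is the FAQ-style layout the reply refers to, as a complete fragment added here and not taken from either message: the offender table is declared up front, known offenders are dropped with a quick rule before any other filtering, and the rate-limited ssh rule feeds the table. The group name "egress" and the table name "brutes" come from the thread; the default block and the persist flag are assumed.

```pf
# Added example, not from the original thread.
# Keep the table across rule reloads so overloaded addresses are not forgotten.
table <brutes> persist

# Evaluated first: "quick" stops rule processing for addresses already in
# the table, so none of the rules below are parsed for them.
block in quick from <brutes>

# Default deny (assumed to be present in the poster's ruleset).
block all

# Stateful ssh rule: more than 10 concurrent connections, or more than 4 new
# connections in 20 seconds, from one source adds that source to <brutes>
# and flushes all of its existing states ("flush global").
pass in on egress proto tcp from any to egress port ssh keep state \
    (max-src-conn 10, max-src-conn-rate 4/20, overload <brutes> flush global)
```

Entries can be reviewed with `pfctl -t brutes -T show` and aged out with `pfctl -t brutes -T expire 86400`, which removes addresses that have been in the table longer than the given number of seconds.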