Girish Venkatachalam wrote:
On Thu, Aug 27, 2009 at 4:59 PM, Ivan Radovanovic<riv...@gmail.com> wrote:
Thanks for your response. If I understand you correctly pf kernel module
actually supports operating with tables based on positive conditions (ie not
only when rule is broken, but also when rule is true), and the way to define
rules of that kind is using directly some of IOCTLs documented in pf(4)?
Please confirm if that is true, since I couldn't find that kind of
functionality with pfctl(8) (I tried making conditions with
max-src-conn-rate set to 0 with idea that making one connection will break
this rule so I could add ip in table that way, but pfctl(8) is too smart to
accept rules with max-src-conn-rate set to 0)

There is no need to write any C code with pf(4) ioctls.

A simple pf.conf should get you what you want. What do you mean by
max-src-conn-rate set to zero?

I think you are needlessly complicating things. If your goal is to
send reset, then
you can always do them with pf in a much more straight forward manner.

set block-policy return <bad-guys>

Try to keep things simple.

I think you misunderstood me - what I want is to add host to bad_guys if it tries to connect to some closed port on my machine - in that case I would like to intercept RST and put host in bad_guys table - that is why I wrote

block sending any rst packet from me and put ip in bad_guys table /* somebody tried to connect to non-open port */

maybe equivalent problem to this would be - how to add host to bad_guys table if it tries to connect to port 0? (That is probably one line in pf.conf if pfctl supports adding to table on positive conditions - I am currently failing to find the way to achieve this)
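For reference, the documented pf.conf mechanism for adding a source address to a table when a rule matches is the `overload` state option, which fires once a source exceeds `max-src-conn-rate` (or `max-src-conn`). The fragment below is an added example, not code from either poster: the table name `bad_guys` comes from the thread, while the `egress` interface group, port 22 and the rate thresholds are assumptions chosen for illustration. The caveat that matters for the question above: `overload` is a state-tracking option, so it only triggers on connections for which a `pass` rule created state, pfctl rejects a zero rate (hence the failed `max-src-conn-rate 0` attempt), and there is no equivalent action on `block` rules.

```pf
# Added example (not from the thread): let pf populate <bad_guys> itself.
# Assumptions: OpenBSD pf, "egress" interface group, a service on TCP port 22.

table <bad_guys> persist

# Anything already in the table is answered with a TCP RST / ICMP unreachable.
block return in quick on egress from <bad_guys>

# Allow the service, but track each source: more than 3 new connections in
# 30 seconds from one address adds it to <bad_guys> and kills its existing
# states on every rule (flush global).
pass in on egress proto tcp to port 22 flags S/SA keep state \
    (source-track rule, max-src-conn-rate 3/30, overload <bad_guys> flush global)
```

The table can be inspected with `pfctl -t bad_guys -T show` and maintained by hand with `pfctl -t bad_guys -T add` / `-T delete`, which is also the only route for the closed-port case, since no state exists for a connection that pf blocks.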
