Re: Max altq bandwidth 4.26 Gbit

2016-08-11 Thread Lyndon Nerenberg
> On Aug 11, 2016, at 8:15 AM, John Jasen wrote:
>
> Should FreeBSD fix altq, or follow OpenBSD's lead in this regard?

If by this you mean start using OpenBSD's new traffic shaping scheme, that would mean adopting OpenBSD's current pf(4) implementation. That debate has been going on for long

pf rules for pptpd

2011-08-02 Thread Lyndon Nerenberg (VE6BBM/VE7TFX)
I'm wondering if anyone has come up with a method of allowing pptpd and pf to get along. It seems that using the ppp interface up and down scripts to add/delete interface-specific rules to pf is the way to go. Are there any other methods people would recommend?

--lyndon

Re: auto-blackholing/blacklisting on multiple hacking attempts

2008-05-25 Thread Lyndon Nerenberg
> I'd like it to be so that if an IP tries to connect to sshd more than once in a 30 second period, that they are immediately blackholed. Should I be using pf for this or would it be done better in some other utility?

/usr/ports/security/bruteforceblocker.

Re: nat/outbound traffic not passing in pf on FreeBSD 6.1

2006-07-26 Thread Lyndon Nerenberg
> Well this is a silly question, but perhaps traffic is being passed out, but the responses can't get back in?

It's not clear to me how you expected responses to get in without a "keep state" on an outbound rule. In the OpenBSD implementation, the 'nat' statement implicitly enables 'keep state'

Re: promt solution with max-src-conn-rate

2006-05-15 Thread Lyndon Nerenberg
> On May 15, 2006, at 6:29 PM, Scott Ullrich wrote:
>
> You have to be aware that this otoh might open you to DoS attacks. People spoofing connections from your address will lock you out from your own server.

An alternative is available for PF that monitors the ssh syslog. Take a look at: htt
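As an added example, not taken from any of the posts above, here is a pf.conf fragment for the sshd rate-limiting approach discussed in the "auto-blackholing" and "max-src-conn-rate" threads. It pairs max-src-conn-rate with an overload table and adds the allow-list that the spoofing caveat calls for, so that a flood of forged SYNs carrying your own address cannot lock the admin host out. $ext_if, the table names and the address 192.0.2.10 are placeholders I chose for illustration.

```pf
# Added example: rate-limit inbound ssh with pf and blackhole offenders.
# Placeholders: $ext_if, the table names, and 192.0.2.10 (an assumed admin host).
ext_if = "em0"

table <trusted> persist { 192.0.2.10 }    # hosts that must never be locked out
table <bruteforce> persist                # filled automatically by the overload below

# 1. Trusted hosts match first and stop rule evaluation ("quick"), so they
#    reach sshd even if a spoofed flood has placed their address in <bruteforce>.
pass in quick on $ext_if proto tcp from <trusted> to ($ext_if) port ssh \
    flags S/SA keep state

# 2. Everything else already in the overload table is dropped outright.
block in quick on $ext_if from <bruteforce>

# 3. Remaining sources get at most 3 new ssh states per 30 seconds; a source that
#    exceeds that is added to <bruteforce> and all of its existing states are
#    flushed ("flush global" drops states from every rule, not just this one).
pass in on $ext_if proto tcp to ($ext_if) port ssh flags S/SA keep state \
    (max-src-conn-rate 3/30, overload <bruteforce> flush global)
```

Entries added by overload never expire on their own; age them from cron with `pfctl -t bruteforce -T expire 86400`, which removes entries older than a day. Note that the counter reacts to state creation on the initial SYN, so it can be triggered by spoofed packets; the allow-list is what keeps that from becoming a self-inflicted denial of service, and a log-driven tool such as bruteforceblocker sidesteps the problem entirely because it only reacts to connections that completed the handshake and failed authentication.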