I am new to pf configuration and I am curious if it is possible to add
some host to a table in firewall rules if some conditions are met (not
if they are broken). I was thinking about some way to prevent port
scanning of a machine, and what came to me as an obvious way to do it is this
(in some pseudo
Girish Venkatachalam wrote:
Please read up on pf(4) anchors.
And also on connection overloads in pf.conf(5).
Stuff like max-conn-rate and so on.
You already said you know about pf(4) tables. You need to populate the tables
based on different criteria. I know that connection overload is one.
Girish Venkatachalam wrote:
On Thu, Aug 27, 2009 at 4:59 PM, Ivan Radovanovic wrote:
Thanks for your response. If I understand you correctly, the pf kernel module
actually supports operating with tables based on positive conditions (i.e. not
only when rule is broken, but also when rule is true
Iñigo Ortiz de Urbina wrote:
You could also take a look at the match, tag and tagged keywords in
pf.conf.
Additionally, you may require parsing your custom logs (pflogN
interfaces or binary logs in /var/log/) in order to populate your
tables for use in the main ruleset or anchors.
Have a n