problem with PF tables

Adam Vondersaar avonders at calarts.edu
Mon Mar 31 12:34:28 PDT 2008


I have had a production machine running for 6 months now using PF to block SSH brute force attacks. What seems to happen now is that the table is not staying open and PF can not add the IP to block. I am curious if anyone has run into such a problem. I am using the expiretable port to clear the tables with a cron job and here is an excerpt from the pf.conf:

table <bruteforce> persist
 
block quick from <bruteforce>

pass in log (all) on $ext_if inet proto tcp from any to $ext_if port 22 \
        flags S/SA keep state \
        (max-src-conn 10, max-src-conn-rate 3/30, \
        overload <bruteforce> flush global)



-Adam
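As an added illustration (not part of Adam's post or of PF itself), the following Python script simulates what the max-src-conn-rate 3/30 part of the rule above does: it replays constructed connection timestamps and reports which sources PF would hand to the overload table. It approximates PF's moving-average rate check with a plain sliding window; the concurrent-connection limit (max-src-conn 10) is not modelled.

```python
from collections import defaultdict, deque

# Values taken from the pf.conf excerpt: max-src-conn-rate 3/30
MAX_NEW_CONNS = 3      # new connections allowed ...
WINDOW_SECONDS = 30    # ... per 30-second span

# Constructed sample: (seconds since start, source address) for each new
# TCP connection to port 22, in chronological order.
SAMPLE_EVENTS = [
    (0, "10.0.0.5"), (5, "10.0.0.5"), (10, "10.0.0.5"), (15, "10.0.0.5"),
    (0, "10.0.0.9"), (10, "10.0.0.9"), (20, "10.0.0.9"), (40, "10.0.0.9"),
    (3, "192.0.2.44"), (200, "192.0.2.44"),
]


def find_overloaded(events, max_conns=MAX_NEW_CONNS, window=WINDOW_SECONDS):
    """Return {source: timestamp} for every source whose new-connection
    count exceeds max_conns inside any `window`-second span, i.e. the
    addresses the overload <bruteforce> clause would add to the table.
    Approximation of PF's behaviour: a sliding window, not a moving average."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    overloaded = {}
    for ts, src in sorted(events):
        if src in overloaded:
            continue              # already in the table; further SYNs are blocked
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop connections older than the window
        if len(q) > max_conns:
            overloaded[src] = ts  # the connection that tipped the rate limit
    return overloaded


def main():
    for src, ts in sorted(find_overloaded(SAMPLE_EVENTS).items()):
        # With "flush global", PF would also kill all existing states from src.
        print(f"{src} exceeded {MAX_NEW_CONNS}/{WINDOW_SECONDS} at t={ts}s "
              f"-> added to <bruteforce>, states flushed")


if __name__ == "__main__":
    main()
```

In the constructed sample only 10.0.0.5 trips the limit; 10.0.0.9 stays at exactly three connections per 30 seconds and is left alone.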