problem with PF tables
Adam Vondersaar
avonders at calarts.edu
Mon Mar 31 12:34:28 PDT 2008
I have had a production machine running for 6 months now using PF to
block SSH brute force attacks. What seems to happen now is that the
table is not staying open and PF cannot add the IP to block. I am
curious if anyone has run into such a problem. I am using the
expiretable port to clear the tables with a cron job, and here is an
excerpt from the pf.conf:
table <bruteforce> persist
block quick from <bruteforce>
pass in log (all) on $ext_if inet proto tcp from any to $ext_if port 22 \
flags S/SA keep state \
(max-src-conn 10, max-src-conn-rate 3/30, \
overload <bruteforce> flush global)
-Adam
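A cron-run maintenance step for the <bruteforce> overload table from the pf.conf excerpt above, as an added example that is not code from the original post. It checks that a loaded rule still references the table and then ages out old entries with pfctl's own "-T expire" instead of the expiretable port; pfctl in PATH, the table name and the 86400 s retention are assumptions, and PFCTL can be pointed at a stub for offline testing.

```shell
#!/bin/sh
# Added example, not code from the original post: a cron-run maintenance
# step for the <bruteforce> overload table in the pf.conf excerpt above.
# It uses pfctl's built-in "-T expire" rather than the expiretable port.
# Assumptions: pfctl is in PATH; table name and 86400 s (24 h) retention
# are placeholders; PFCTL can be pointed at a stub for offline testing.
PFCTL=${PFCTL:-pfctl}
TABLE=${TABLE:-bruteforce}
MAX_AGE=${MAX_AGE:-86400}

# Number of addresses currently in the table (0 if it does not exist).
table_count() {
    "$PFCTL" -t "$TABLE" -T show 2>/dev/null | grep -c . || true
}

# Succeeds when a loaded rule references <TABLE>. Per pf.conf(5), a table
# without "persist" is removed when the last rule referring to it goes
# away, after which "-T add" has nothing to add to; "persist" is the
# defensive setting, and this check reports if the rule itself is gone.
table_referenced() {
    "$PFCTL" -sr 2>/dev/null | grep -q "<$TABLE>"
}

# Drop entries older than MAX_AGE seconds and print "before after" counts
# so the cron mail shows what was removed.
expire_table() {
    before=$(table_count)
    "$PFCTL" -t "$TABLE" -T expire "$MAX_AGE" >/dev/null 2>&1 || return 1
    after=$(table_count)
    echo "$before $after"
}

# Entry point: refuse to expire if the table is not in the ruleset, so the
# job fails loudly instead of silently running against a missing table.
maintain() {
    if ! table_referenced; then
        echo "table <$TABLE> is not referenced by any loaded rule" >&2
        return 1
    fi
    expire_table
}

# Runs maintain only when invoked with --run (e.g. from cron), so the
# functions can also be loaded without side effects.
if [ "${1:-}" = "--run" ]; then
    maintain
fi
```

Schedule it as `/usr/local/sbin/bruteforce-expire.sh --run` from cron; a non-zero exit (and the message on stderr) is the signal that the table has gone missing from the ruleset.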
More information about the freebsd-pf mailing list