question about max-src-conn and max-src-conn-rate

Tony ghostsniper007 at hotmail.com
Tue Jul 14 15:25:00 UTC 2009


Below is a packet filter snippet from my config file:


block drop log quick from <brute>
...
pass in  quick on $ext_if proto tcp from any to <webs> port 80 flags S/SA keep state (max-src-conn 80, max-src-conn-rate 200/2, overload <brute> flush global)
pass out quick on $int_if proto tcp from any to <webs> port 80 flags S/SA keep state

pass out quick on $ext_if proto tcp from <webs> port 80   to any flags SA/SA keep state
pass in  quick on $int_if proto tcp from <webs> port 80   to any flags SA/SA keep state



Question 1:
Should the bruteforce rules be on each line, or just that first one?


Question 2:
If they should be on each line, should I multiply the values (80, 200/2) by 4?


Question 3:
Are the rates I'm using reasonable? Blocking should be on the loose side.



I'm open to any thoughts, opinions or screams on best practices.



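To make the two limits in the rule above concrete, here is an added Python model (not code from the post, and not PF's own implementation) of what `max-src-conn 80`, `max-src-conn-rate 200/2` and `overload <brute> flush global` do per source address: it counts concurrent states and new connections in a sliding window, and moves a source into the overload table the moment either limit is exceeded. The semantics are deliberately simplified (PF's state tracking, timeouts and rate bookkeeping differ in detail), and the IP addresses and event streams are constructed sample input.

```python
from collections import defaultdict, deque


class SourceLimiter:
    """Simplified per-source model of PF's max-src-conn / max-src-conn-rate
    with an overload table (assumption: approximate, not PF's exact logic)."""

    def __init__(self, max_src_conn, rate_count, rate_interval):
        self.max_src_conn = max_src_conn      # concurrent states allowed per source
        self.rate_count = rate_count          # new connections allowed ...
        self.rate_interval = rate_interval    # ... per this many seconds
        self.active = defaultdict(int)        # concurrent states per source
        self.recent = defaultdict(deque)      # timestamps of recent SYNs per source
        self.overload = set()                 # stands in for the <brute> table

    def new_connection(self, ts, src):
        """Return True if a SYN from src at time ts is passed, False if blocked."""
        if src in self.overload:              # 'block drop quick from <brute>'
            return False
        window = self.recent[src]
        while window and ts - window[0] >= self.rate_interval:
            window.popleft()                  # drop SYNs older than the interval
        window.append(ts)
        rate_exceeded = len(window) > self.rate_count
        conn_exceeded = self.active[src] >= self.max_src_conn
        if rate_exceeded or conn_exceeded:
            self.overload.add(src)            # 'overload <brute>'
            self.active[src] = 0              # 'flush global': kill its states
            self.recent.pop(src, None)
            return False
        self.active[src] += 1
        return True

    def close_connection(self, src):
        """A state for src was torn down (FIN/RST or timeout)."""
        if self.active[src] > 0:
            self.active[src] -= 1


def simulate(limiter, events):
    """events: iterable of (timestamp, src, 'syn'|'fin'). Returns (allowed, blocked)."""
    allowed = blocked = 0
    for ts, src, kind in events:
        if kind == "syn":
            if limiter.new_connection(ts, src):
                allowed += 1
            else:
                blocked += 1
        else:
            limiter.close_connection(src)
    return allowed, blocked


# Constructed scenarios using the post's values: max-src-conn 80, rate 200/2.
def scenario_burst():
    """250 short-lived connections from one source in 1.25 s (5 ms apart)."""
    events = []
    for i in range(250):
        events.append((i * 0.005, "203.0.113.5", "syn"))
        events.append((i * 0.005 + 0.001, "203.0.113.5", "fin"))
    return simulate(SourceLimiter(80, 200, 2), events)


def scenario_concurrent():
    """100 connections from one source, 100 ms apart, none ever closed."""
    events = [(i * 0.1, "198.51.100.7", "syn") for i in range(100)]
    return simulate(SourceLimiter(80, 200, 2), events)


def scenario_slow():
    """One connection per second for 5 minutes, each closed before the next."""
    events = []
    for i in range(300):
        events.append((float(i), "192.0.2.9", "syn"))
        events.append((i + 0.5, "192.0.2.9", "fin"))
    return simulate(SourceLimiter(80, 200, 2), events)


if __name__ == "__main__":
    print("burst      (allowed, blocked):", scenario_burst())
    print("concurrent (allowed, blocked):", scenario_concurrent())
    print("slow       (allowed, blocked):", scenario_slow())
```

Running the three scenarios shows the two limits acting independently: the burst trips the 200-per-2-seconds rate on its 201st SYN even though it never holds more than one state at a time, the never-closing client trips `max-src-conn` on its 81st state despite a modest rate, and the one-per-second client is never touched. Because the overload check runs per source, the same numbers apply whichever rule carries the options; a source is judged on its own traffic, not on a sum across rules.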