Can pf dynamically close connections

BB brent.bolin at gmail.com
Thu Aug 4 20:59:53 GMT 2005


One of the sites that I maintain is moving to a different firewall.

WatchGuard Firebox X1000. None of the full time admins can work with vi for 
system changes.

This is a feature on the firewall. If attempts are made on ports that are 
closed, all ports will be blocked for about 20 minutes.

Don't know if the feature mentioned above is good or bad.

On 8/4/05, Giovanni P. Tirloni <gpt at tirloni.org> wrote:
> 
> BB wrote:
> > If a host is sending packets on ports that aren't even open can it
> > temporarily close all connections to this host.
> 
> I don't think this a task pf itself should do but you can implement
> something to monitor connection attempts on closed ports and then
> inspect the pf's state table (pfctl -s state) and remove it (pfctl -k).
> 
> Do you want something like PortSentry ? Someone could spoof those
> attempts and create a DoS on something you don't want to block.
> 
> --
> Giovanni P. Tirloni
> 
>
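The monitor Giovanni sketches (watch attempts on closed ports, then tear the host's states down with `pfctl -k`) can be prototyped as a small shell script. This is an added example, not code from the thread or from the pf project. It assumes the log lines look like `tcpdump -n -e -ttt -i pflog0` output for pf's `block` rules (the sample below is constructed to match that shape), a hypothetical pf table named `portscanners` referenced by a block rule in pf.conf, and a threshold of 5 distinct closed ports. It also builds in Giovanni's spoofing caveat: addresses on a constructed never-block list are skipped so a forged scan cannot knock your own DNS server or upstream router off the firewall.

```shell
#!/bin/sh
# Added example (not from the freebsd-pf thread): flag hosts that probe many
# closed ports, then kill their pf states and add them to a block table.

# Constructed sample in tcpdump-on-pflog style. 192.0.2.10 probes five
# distinct closed ports; 203.0.113.7 retries one closed port and has a pass.
SAMPLE_LOG='rule 2/0(match): block in on em0: 192.0.2.10.43210 > 198.51.100.5.23: Flags [S], seq 1, win 512, length 0
rule 2/0(match): block in on em0: 192.0.2.10.43211 > 198.51.100.5.135: Flags [S], seq 1, win 512, length 0
rule 2/0(match): block in on em0: 192.0.2.10.43212 > 198.51.100.5.445: Flags [S], seq 1, win 512, length 0
rule 2/0(match): block in on em0: 192.0.2.10.43213 > 198.51.100.5.1433: Flags [S], seq 1, win 512, length 0
rule 2/0(match): block in on em0: 192.0.2.10.43214 > 198.51.100.5.3306: Flags [S], seq 1, win 512, length 0
rule 0/0(match): pass in on em0: 203.0.113.7.51000 > 198.51.100.5.22: Flags [S], seq 1, win 512, length 0
rule 2/0(match): block in on em0: 203.0.113.7.51001 > 198.51.100.5.23: Flags [S], seq 1, win 512, length 0
rule 2/0(match): block in on em0: 203.0.113.7.51002 > 198.51.100.5.23: Flags [S], seq 1, win 512, length 0'

# Constructed never-block list: infrastructure whose address an attacker could
# spoof to get it blocked (Giovanni's DoS point). Space separated.
NEVER_BLOCK="198.51.100.53 198.51.100.1"

# Hypothetical pf table; pf.conf would carry: block in quick from <portscanners>
TABLE=portscanners

# offenders [threshold]: read pflog lines on stdin, print each source address
# that was blocked on at least <threshold> distinct destination ports.
# Counting distinct ports, not packets, keeps plain retries from triggering.
offenders() {
    awk -v thr="${1:-5}" '
        / block in on / {
            for (i = 1; i <= NF; i++) if ($i == ">") break
            if (i > NF) next                     # unexpected line shape, skip
            src = $(i - 1); dst = $(i + 1)
            sub(/\.[0-9]+$/, "", src)            # strip the source port
            sub(/:$/, "", dst)                   # strip trailing colon
            dport = dst; sub(/.*\./, "", dport)  # keep only the destination port
            if (!((src, dport) in seen)) { seen[src, dport] = 1; ports[src]++ }
        }
        END { for (s in ports) if (ports[s] >= thr) print s }
    ' | sort
}

# respond <host>: kill the host's existing states (pfctl -k) and add it to the
# block table (pfctl -t ... -T add). With DRY_RUN=1 (the default here) the
# commands are only printed. Hosts on NEVER_BLOCK are skipped.
respond() {
    host="$1"
    for safe in $NEVER_BLOCK; do
        [ "$host" = "$safe" ] && return 0
    done
    for cmd in "pfctl -k $host" "pfctl -t $TABLE -T add $host"; do
        if [ "${DRY_RUN:-1}" = 1 ]; then echo "$cmd"; else $cmd; fi
    done
}

# demo: run the whole pipeline over the constructed sample.
demo() {
    printf '%s\n' "$SAMPLE_LOG" | offenders 5 | while read -r h; do respond "$h"; done
}

demo
```

In production the input would be a bounded window of pflog output (for example, the last few minutes of `tcpdump -n -e -ttt -i pflog0` written to a file by cron), because `offenders` only reports at end of input. Note that `pfctl -k` alone just removes states that already exist; stopping new connections from the host depends on the `block in quick from <portscanners>` rule consulting the table, and clearing the table later (`pfctl -t portscanners -T flush`) is what gives the "about 20 minutes" behaviour BB describes on the Firebox.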

