Security blocking question

Matthew Seaman m.seaman at infracaninophile.co.uk
Fri Oct 16 19:51:11 UTC 2009


Aflatoon Aflatooni wrote:

> I have the following in my pf.conf:
> 
> ext_if="bge0"
> # Public Services --  smtp, http, pop3s
> tcpPubServices = "{ 25, 80, 995 }"
> set timeout { interval 10, frag 30 }
> set timeout { tcp.first 120, tcp.opening 30, tcp.established 86400 }
> set timeout { tcp.closing 900, tcp.finwait 45, tcp.closed 90 }
> set limit { states 10000, frags 5000 }
> #set loginterface none
> set optimization normal
> set block-policy drop
> #set require-order yes
> #set fingerprints "/etc/pf.os"
> set skip on lo0
> # Normalization: reassemble fragments and resolve or reduce traffic ambiguities.
> scrub in all
> 
> pass out all
> block in log all
> table <sshBruteForce> { }

^^^ this needs to be 'table <sshBruteForce> persist' or the OS will delete it
    if it's empty.

> block in quick from <sshBruteForce> to any
> pass in on $ext_if inet proto tcp from any to any port $tcpPubServices flags S/SA synproxy state
> pass in on $ext_if inet proto tcp from any to any port ssh modulate state (source-track rule max-src-nodes 8 max-src-conn 8 max-src-conn-rate 3/60 overload <sshBruteForce> flush global)
> 
> 
> And I have tried to make a lot of ssh connections to the box and killing them with ctrl-c or bad-password but nothing gets added to the table. There isn't anything in the log either. How would I go about figuring out what is wrong?

Usually if you leave your machine connected to the internet, some awfully
helpful people in China or some other far off place will test it for you
within a day or so...

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
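
A small check for the change suggested in the reply, as an added example that is not part of the original message: it scans pf.conf text for tables named as an `overload` target and reports any that are declared without `persist` or that no `block ... from <table>` rule uses. The function names and the sample text (built from the rules quoted above, with the long rule split over continuation lines) are constructed for illustration, and the `#` comment stripping is a simplification.

```python
import re

# Constructed sample: the table and ssh rules quoted in the message above.
SAMPLE_PF_CONF = """\
ext_if="bge0"
table <sshBruteForce> { }
block in quick from <sshBruteForce> to any
pass in on $ext_if inet proto tcp from any to any port ssh modulate state \\
    (source-track rule max-src-nodes 8 max-src-conn 8 \\
     max-src-conn-rate 3/60 overload <sshBruteForce> flush global)
"""

TABLE_DECL = re.compile(r"^table\s+<([^>]+)>(.*)$")
OVERLOAD = re.compile(r"\boverload\s+<([^>]+)>")
BLOCK_FROM = re.compile(r"^block\b.*\bfrom\s+<([^>]+)>")


def logical_lines(text):
    """Join backslash-continued lines, then drop comments and blank lines."""
    for line in re.sub(r"\\\n", " ", text).splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line


def check_overload_tables(text):
    """Return (table, finding) pairs for every table used as an overload target."""
    persist, overloads, blocked = {}, set(), set()
    for line in logical_lines(text):
        decl = TABLE_DECL.match(line)
        if decl:
            persist[decl.group(1)] = "persist" in decl.group(2).split()
        overloads.update(OVERLOAD.findall(line))
        blocked.update(BLOCK_FROM.findall(line))
    findings = []
    for name in sorted(overloads):
        if name not in persist:
            findings.append((name, "not declared"))
        elif not persist[name]:
            findings.append((name, "declared without persist"))
        if name not in blocked:
            findings.append((name, "no block rule uses it"))
    return findings


if __name__ == "__main__":
    for name, finding in check_overload_tables(SAMPLE_PF_CONF):
        print(f"<{name}>: {finding}")
```

On a live system, `pfctl -t sshBruteForce -T show` lists the addresses currently in the table.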
